87 matches found
Stack overflow
In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...
Heap overflow
In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a heap-based buffer over-read in ntfsdinodelookup in fs/ntfs.c...
CVE-2020-10232
In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...
CVE-2020-10232
The Sleuth Kit (TSK) up to version 4.8.0 contains a stack buffer overflow in the YAFFS file timestamp parsing in yaffsfs_istat() (fs/yaffs.c). Affected component is the YAFFS timestamp parsing logic; impact is high (potential crash or exploitation as implied by CVSS). Remediation: upgrade to newe...
CVE-2020-10232
In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...
CVE-2020-10233
In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a heap-based buffer over-read in ntfsdinodelookup in fs/ntfs.c...
[SECURITY] Fedora 29 Update: sleuthkit-4.6.7-1.fc29
The Sleuth Kit TSK is a collection of UNIX-based command line tools that allow you to investigate a computer. The current focus of the tools is the file and volume systems and TSK supports FAT, Ext2/3, NTFS, UFS, and ISO 9660 file systems...
CVE-2019-14531
An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c...
CVE-2019-14532
An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table...
CVE-2019-14531
An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c...
CVE-2019-14531
CVE-2019-14531 describes an out-of-bounds read in The Sleuth Kit (TSK) v4.6.6 while parsing System Use Sharing Protocol data in fs/iso9660.c (iso9660). The issue is tied to TSK’s handling of ISO9660 data; the connected sources confirm the exact affected component and location, but do not provide ...
CVE-2019-14531
An issue was discovered in The Sleuth Kit TSK 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c...
CVE-2019-14532
CVE-2019-14532 affects The Sleuth Kit (TSK) 4.6.6, with an off-by-one overwrite caused by an underflow in tools/hashtools/hfind.cpp when using a bogus hash table. The vulnerability can be exploited remotely (network) with no authentication and no user interaction, yielding partial confidentiality...
CVE-2018-19497
In The Sleuth Kit TSK through 4.6.4, hfscattraverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service SEGV on unknown address with READ memory access in a tskgetu16 call in hfsdiropenmetacb in tsk/fs/hfsdent.c...
CVE-2018-19497
In The Sleuth Kit TSK through 4.6.4, hfscattraverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service SEGV on unknown address with READ memory access in a tskgetu16 call in hfsdiropenmetacb in tsk/fs/hfsdent.c...
CVE-2018-19497
In The Sleuth Kit TSK through 4.6.4, hfscattraverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service SEGV on unknown address with READ memory access in a tskgetu16 call in hfsdiropenmetacb in tsk/fs/hfsdent.c...
CVE-2018-19497
CVE-2018-19497 affects The Sleuth Kit (TSK) up to 4.6.4 via hfs_cat_traverse in tsk/fs/hfs.c, where an oversized key length can cause a denial of service (SEGV in tsk_getu16 during hfs_dir_open_meta_cb). Public docsets indicate mitigations/patches: Debian LTS/DLA-3054-1 fixes SleuthKit in Debian ...
CVE-2018-19497
In The Sleuth Kit TSK through 4.6.4, hfscattraverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service SEGV on unknown address with READ memory access in a tskgetu16 call in hfsdiropenmetacb in tsk/fs/hfsdent.c...
Updated sleuthkit packages fix security vulnerabilities
Updated sleuthkit packages fix security vulnerabilities: In The Sleuth Kit TSK 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660procdir in tsk/fs/iso9660dent.c in libtskfs.a, as demonstrated by fls CVE-2017-13755. In The Sleuth Kit TSK 4.4.2, opening a crafted disk...
CVE-2018-11740
An issue was discovered in libtskbase.a in The Sleuth Kit TSK from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tskUTF16toUTF8 in tsk/base/tskunicode.c which could be leveraged by an attacker to disclose information or manipulated to read from...