Veracode Vulnerability DatabaseVERACODE:26122Arbitrary Code Execution
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
sleuthkit is vulnerable to arbitrary code execution. A stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c allows an attacker to execute arbitrary code on the host OS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sleuthkit:3.11 | eq | 4.7.0-r0 | |
| sleuthkit:edge | eq | 4.8.0-r0 | |
| sleuthkit:3.11 | eq | 4.7.0-r0 | |
| sleuthkit:edge | eq | 4.8.0-r0 |
References
github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
lists.debian.org/debian-lts-announce/2020/03/msg00011.html
lists.debian.org/debian-lts-announce/2022/06/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB/
lists.fedoraproject.org/archives/list/[email protected]/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA/
lists.fedoraproject.org/archives/list/[email protected]/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P