Skip to main content

The Sleuth Kit CVE-2018-11739

HIGH
Out-of-bounds Read (CWE-125)
2018-06-05 cve@mitre.org
8.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 05, 2018 - 11:29 nvd
HIGH 8.1

DescriptionNVD

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.

AnalysisAI

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. Affected products include: Sleuthkit The Sleuth Kit.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2019-14532 CRITICAL POC
9.8 Aug 02

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14531 CRITICAL POC
9.8 Aug 02

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2020-10233 CRITICAL POC
9.1 Mar 09

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs

CVE-2018-11740 HIGH POC
8.1 Jun 05

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity

CVE-2018-11738 HIGH POC
8.1 Jun 05

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (

CVE-2018-11737 HIGH POC
8.1 Jun 05

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (

CVE-2020-10232 CRITICAL
9.8 Mar 09

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file t

CVE-2017-13755 MEDIUM POC
5.5 Aug 29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in

CVE-2017-13760 MEDIUM POC
5.5 Aug 29

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

CVE-2019-1010065 MEDIUM
6.5 Jul 18

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 6.5), this vulnerability

CVE-2018-19497 MEDIUM
6.5 Nov 29

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is

CVE-2017-13756 MEDIUM
5.5 Aug 29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/v

Share

CVE-2018-11739 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy