Skip to main content

The Sleuth Kit CVE-2020-10232

CRITICAL
Out-of-bounds Write (CWE-787)
2020-03-09 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 09, 2020 - 00:15 nvd
CRITICAL 9.8

DescriptionNVD

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

AnalysisAI

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. Affected products include: Sleuthkit The Sleuth Kit, Debian Debian Linux, Fedoraproject Fedora. Version information: version 4.8.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2019-14532 CRITICAL POC
9.8 Aug 02

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2019-14531 CRITICAL POC
9.8 Aug 02

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2020-10233 CRITICAL POC
9.1 Mar 09

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs

CVE-2018-11740 HIGH POC
8.1 Jun 05

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity

CVE-2018-11739 HIGH POC
8.1 Jun 05

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity

CVE-2018-11738 HIGH POC
8.1 Jun 05

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (

CVE-2018-11737 HIGH POC
8.1 Jun 05

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (

CVE-2017-13755 MEDIUM POC
5.5 Aug 29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in

CVE-2017-13760 MEDIUM POC
5.5 Aug 29

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

CVE-2019-1010065 MEDIUM
6.5 Jul 18

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. Rated medium severity (CVSS 6.5), this vulnerability

CVE-2018-19497 MEDIUM
6.5 Nov 29

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is

CVE-2017-13756 MEDIUM
5.5 Aug 29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/v

Share

CVE-2020-10232 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy