Skip to main content

Suse CVE-2026-40026

| EUVDEUVD-2026-20763 MEDIUM
Out-of-bounds Read (CWE-125)
2026-04-08 VulnCheck GHSA-3pvc-h22x-rq5v
4.8
CVSS 4.0 · NVD
Temporal: 4.4
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CIRCL (temporal)
4.4 MEDIUM
cvss
SUSE
4.4 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Apr 08, 2026 - 22:01 euvd
EUVD-2026-20763
Analysis Generated
Apr 08, 2026 - 22:01 vuln.today
Patch released
Apr 08, 2026 - 22:01 nvd
Patch available
CVE Published
Apr 08, 2026 - 21:35 nvd
MEDIUM 4.8

DescriptionCVE.org

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.

AnalysisAI

Out-of-bounds read in The Sleuth Kit through 4.14.0 allows local attackers with user interaction to disclose sensitive information via a crafted ISO9660 image, exploiting the parse_susp() function's failure to validate field lengths before copying SUSP extension data into stack buffers. The vulnerability can also trigger infinite parsing loops with malformed zero-length SUSP entries. Patch available from upstream repository.

Technical ContextAI

The Sleuth Kit is a digital forensics framework that parses various filesystem formats including ISO9660 with SUSP (System Use Sharing Protocol) extensions. The parse_susp() function in the ISO9660 parser reads len_id, len_des, and len_src fields directly from untrusted disk image data and uses them as sizes for memcpy operations into a fixed stack buffer without validating that these fields correctly describe data present within the SUSP block boundaries. This violates CWE-125 (Out-of-bounds Read) by trusting attacker-controlled length values from the disk image. Additionally, zero-length SUSP entries can cause infinite loops due to improper loop termination logic, creating a denial-of-service condition.

RemediationAI

Apply the upstream patch from commit a95b0ac21733b059a517aaefa667a17e1bcbdee1 (https://github.com/sleuthkit/sleuthkit/commit/a95b0ac21733b059a517aaefa667a17e1bcbdee1) or pull request #3445 (https://github.com/sleuthkit/sleuthkit/pull/3445). Update to a patched version released after these commits are merged. As an interim mitigation, avoid parsing ISO9660 images from untrusted sources or use alternative forensic tools that validate SUSP extension fields. Refer to the vendor advisory at https://mobasi.ai/sentinel for release version information.

Vendor StatusVendor

SUSE

Severity: Medium

Share

CVE-2026-40026 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy