Infinite Recursion Vulnerability in The Sleuth Kit by Sleuth Kit
CVE-2017-13756

5.5MEDIUM

Key Information:

Vendor

Sleuthkit

Status
The Sleuth Kit
Vendor
CVE Published:
29 August 2017

What is CVE-2017-13756?

An infinite recursion vulnerability exists in The Sleuth Kit (TSK) 4.4.2 when processing crafted disk images. This flaw is triggered by the dos_load_ext_table() function in the tsk/vs/dos.c file within the libtskvs.a library, leading to potential application crashes and resource exhaustion. Users are advised to apply security updates or mitigate risks associated with opening maliciously crafted disk images.

References

https://github.com/sleuthkit/sleuthkit/issues/914
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022/06/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.