Out-of-Bounds Read Vulnerability in The Sleuth Kit by Sleuth Kit Team
CVE-2018-11737

8.1HIGH

Key Information:

Vendor: Sleuthkit
Status: The Sleuth Kit
Vendor: CVE Published:; 5 June 2018

What is CVE-2018-11737?

An out-of-bounds read vulnerability exists in the libtskfs.a library of The Sleuth Kit, affecting versions from 4.0.2 to 4.6.1. The issue arises in the ntfs_fix_idxrec function within the ntfs_dent.cpp file, where improper handling of memory can be exploited by an attacker. This may lead to information disclosure or allow unauthorized access to read from unmapped memory regions, potentially causing application instability or a denial of service.

References

https://github.com/sleuthkit/sleuthkit/issues/1266

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 5, 2018

CVE-2018-11737 Data

JSON

Sleuthkit

What is CVE-2018-11737?

References

CVSS V3.1

Timeline