Heap-Based Buffer Over-Read in The Sleuth Kit by Sleuth Kit Solutions
CVE-2020-10233

9.1CRITICAL

Key Information:

Vendor

Sleuthkit

Status
The Sleuth Kit
Vendor
CVE Published:
9 March 2020

What is CVE-2020-10233?

In version 4.8.0 and earlier of The Sleuth Kit (TSK), a heap-based buffer over-read occurs in the ntfs_dinode_lookup function within fs/ntfs.c. This vulnerability could be exploited by attackers, leading to unintended memory access, potential information disclosure, or other complex exploitation scenarios. Users of the affected versions should seek to update their installations to mitigate risks associated with this issue.

References

https://github.com/sleuthkit/sleuthkit/issues/1829
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.