Sleuthkit

The Sleuth Kit

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2026-40026

  • EPSS 0.01%
  • Veröffentlicht 08.04.2026 21:35:22
  • Zuletzt bearbeitet 17.04.2026 17:14:18

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without veri...

6.1

CVE-2026-40025

  • EPSS 0.01%
  • Veröffentlicht 08.04.2026 21:35:21
  • Zuletzt bearbeitet 15.04.2026 20:52:40

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocate...

7.1

CVE-2026-40024

  • EPSS 0.04%
  • Veröffentlicht 08.04.2026 21:35:20
  • Zuletzt bearbeitet 15.04.2026 20:52:44

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal se...

7.8

CVE-2022-45639

Exploit
  • EPSS 1.04%
  • Veröffentlicht 24.01.2023 02:15:09
  • Zuletzt bearbeitet 02.04.2025 15:15:47

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick comma...

9.1

CVE-2020-10233

Exploit
  • EPSS 0.55%
  • Veröffentlicht 09.03.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:01

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.

9.8

CVE-2020-10232

  • EPSS 1.41%
  • Veröffentlicht 09.03.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:55:01

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

9.8

CVE-2019-14532

Exploit
  • EPSS 0.61%
  • Veröffentlicht 02.08.2019 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:26:55

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.

9.8

CVE-2019-14531

Exploit
  • EPSS 0.4%
  • Veröffentlicht 02.08.2019 15:15:12
  • Zuletzt bearbeitet 21.11.2024 04:26:54

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.

6.5

CVE-2019-1010065

  • EPSS 1.16%
  • Veröffentlicht 18.07.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:17:57

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hf...

6.5

CVE-2018-19497

  • EPSS 3.21%
  • Veröffentlicht 29.11.2018 23:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:01

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 c...