In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
29 Nov 2022, 19:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZXFYOOMSP7NWRTSO4XXGHXAY3CJNAJ6/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLSVLDQLPGKRHHBPYUXVJJPAID6CYBXD/ - Mailing List, Third Party Advisory |
20 Jun 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-11-29 23:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-19497
Mitre link : CVE-2018-19497
CVE.ORG link : CVE-2018-19497
JSON object : View
Products Affected
debian
- debian_linux
sleuthkit
- the_sleuth_kit
fedoraproject
- fedora
CWE
CWE-125
Out-of-bounds Read