The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesystem image.
References
Link | Resource |
---|---|
https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b | Patch Third Party Advisory |
https://issuetracker.google.com/issues/77809383 | Permissions Required Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VXDAP6SEO3RCDCZITTFGNZGSVPE5CTY/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGWCQIZKTDCJO4YGL5LGPYFNOVU7SJRX/ |
Configurations
History
29 Nov 2022, 18:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VXDAP6SEO3RCDCZITTFGNZGSVPE5CTY/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWCQIZKTDCJO4YGL5LGPYFNOVU7SJRX/ - Mailing List, Third Party Advisory |
20 Jun 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-07-18 17:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-1010065
Mitre link : CVE-2019-1010065
CVE.ORG link : CVE-2019-1010065
JSON object : View
Products Affected
debian
- debian_linux
sleuthkit
- the_sleuth_kit
fedoraproject
- fedora
CWE
CWE-190
Integer Overflow or Wraparound