cbcvebase.
CVE-2020-10233
published 2020-03-09

CVE-2020-10233: In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.

critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.

Affected

6 ranges
VendorProductVersion rangeFixed in
debiansleuthkit< sleuthkit 4.9.0+dfsg-2 (bookworm)sleuthkit 4.9.0+dfsg-2 (bookworm)
sleuthkitsleuthkit>= 0 < 4.9.0+dfsg-24.9.0+dfsg-2
sleuthkitsleuthkit>= 0 < 4.9.0+dfsg-24.9.0+dfsg-2
sleuthkitsleuthkit>= 0 < 4.9.0+dfsg-24.9.0+dfsg-2
sleuthkitsleuthkit>= 0 < 4.9.0+dfsg-24.9.0+dfsg-2
sleuthkitthe_sleuth_kit<= 4.8.0

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
osv9.1CRITICAL