cbcvebase.

Sleuthkit The Sleuth Kit vulnerabilities

18 known vulnerabilities affecting sleuthkit/the_sleuth_kit.

Total CVEs
18
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH7MEDIUM6LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-45639P3HIGHCVSS 7.8PoCv4.11.12023-01-24
CVE-2022-45639 [HIGH] CWE-78 CVE-2022-45639: OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrar OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
nvd
CVE-2020-10232P3CRITICALCVSS 9.8≤ 4.8.02020-03-09
CVE-2020-10232 [CRITICAL] CWE-787 CVE-2020-10232: In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
nvd
CVE-2019-14532P3CRITICALCVSS 9.8v4.6.62019-08-02
CVE-2019-14532 [CRITICAL] CWE-193 CVE-2019-14532: An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an un An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
nvd
CVE-2020-10233P3CRITICALCVSS 9.1≤ 4.8.02020-03-09
CVE-2020-10233 [CRITICAL] CWE-125 CVE-2020-10233: In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
nvd
CVE-2019-14531P3CRITICALCVSS 9.8v4.6.62019-08-02
CVE-2019-14531 [CRITICAL] CWE-125 CVE-2019-14531: An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 whi An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.
nvd
CVE-2026-40024P3HIGHCVSS 7.1fixed in 4.15.02026-04-08
CVE-2026-40024 [HIGH] CWE-22 CVE-2026-40024: The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequ
nvd
CVE-2018-11737P4HIGHCVSS 8.1≥ 4.0.2, ≤ 4.6.12018-06-05
CVE-2018-11737 [HIGH] CWE-125 CVE-2018-11737: An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. A An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
nvd
CVE-2018-11738P4HIGHCVSS 8.1≥ 4.0.2, ≤ 4.6.12018-06-05
CVE-2018-11738 [HIGH] CWE-125 CVE-2018-11738: An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. A An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
nvd
CVE-2018-11740P4HIGHCVSS 8.1≥ 4.0.2, ≤ 4.6.12018-06-05
CVE-2018-11740 [HIGH] CWE-125 CVE-2018-11740: An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
nvd
CVE-2018-11739P4HIGHCVSS 8.1≥ 4.0.2, ≤ 4.6.12018-06-05
CVE-2018-11739 [HIGH] CWE-125 CVE-2018-11739: An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
nvd
CVE-2026-40026P4HIGHCVSS 7.1fixed in 4.14.02026-04-08
CVE-2026-40026 [HIGH] CWE-125 CVE-2026-40026: The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO im
nvd
CVE-2019-1010065P4MEDIUMCVSS 6.5≤ 4.6.02019-07-18
CVE-2019-1010065 [MEDIUM] CWE-190 CVE-2019-1010065: The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted di The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack vector is: Victim must open a crafted HFS filesy
nvd
CVE-2018-19497P4MEDIUMCVSS 6.5≤ 4.6.42018-11-29
CVE-2018-19497 [MEDIUM] CWE-125 CVE-2018-19497: In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
nvd
CVE-2026-40025P4MEDIUMCVSS 6.1fixed in 4.15.02026-04-08
CVE-2026-40025 [MEDIUM] CWE-125 CVE-2026-40025: The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem ke The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or c
nvd
CVE-2017-13755P4MEDIUMCVSS 5.5v4.4.22017-08-29
CVE-2017-13755 [MEDIUM] CWE-125 CVE-2017-13755: In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in is In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.
nvd
CVE-2017-13760P4MEDIUMCVSS 5.5v4.4.22017-08-29
CVE-2017-13760 [MEDIUM] CWE-119 CVE-2017-13760: In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_i In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.
nvd
CVE-2017-13756P4MEDIUMCVSS 5.5v4.4.22017-08-29
CVE-2017-13756 [MEDIUM] CWE-835 CVE-2017-13756: In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.
nvd
CVE-2012-5619P4LOWCVSS 2.1v4.0.12014-09-29
CVE-2012-5619 [LOW] CWE-20 CVE-2012-5619: The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file sy The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.
nvd