CVE Vulnerability

CVE-2018-19497

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/sleuthkit/sleuthkit/pull/1374 Patch Third Party Advisory
https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00008.html Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLSVLDQLPGKRHHBPYUXVJJPAID6CYBXD/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZXFYOOMSP7NWRTSO4XXGHXAY3CJNAJ6/ Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:sleuthkit:the_sleuth_kit:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Information

Published : 2018-11-29 11:29

Updated : 2022-11-29 07:18

NVD link : CVE-2018-19497

Mitre link : CVE-2018-19497

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read