All errata/sisyphus/ALT-PU-2021-1118-1
ALT-PU-2021-1118-1

Package update sleuthkit in branch sisyphus

Version4.10.1-alt1
Task#265079
Published2021-01-22
Max severityCRITICAL
Severity:

Closed issues (2)

CVE-2020-10232
CRITICAL9.8

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

Published: 2020-03-09Modified: 2024-11-21
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2020-10233
CRITICAL9.1

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.

Published: 2020-03-09Modified: 2024-11-21
CVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS 3.xCRITICAL 9.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References