ALT-PU-2021-1118-1
Closed vulnerabilities
Published: 2020-03-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-10232
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
- [debian-lts-announce] 20200311 [SECURITY] [DLA 2137-1] sleuthkit security update
- [debian-lts-announce] 20220620 [SECURITY] [DLA 3054-1] sleuthkit security update
- FEDORA-2020-94c2f78e0c
- FEDORA-2020-6e3e0c6386
- FEDORA-2020-1dd340ab85
- https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
- FEDORA-2020-1dd340ab85
- FEDORA-2020-6e3e0c6386
- FEDORA-2020-94c2f78e0c
- [debian-lts-announce] 20220620 [SECURITY] [DLA 3054-1] sleuthkit security update
- [debian-lts-announce] 20200311 [SECURITY] [DLA 2137-1] sleuthkit security update
Published: 2020-03-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-10233
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References: