VDB

GCVE-110-MAGEIA-2020-234

GCVE-110-MAGEIA-2020-234
Advisory Published
Vulnetix · Advisory published May 27, 2020
Updated sleuthkit packages fix security vulnerabilities: An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table (CVE-2019-14532). In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c (CVE-2020-10233).

Affected Products

VendorProductVersionsPlatforms
Mageiamicrocode0 (affected), 0.20201118-1.mga7.nonfree (unaffected)
Mageiasleuthkit0 (affected), 4.9.0-1.mga7 (unaffected), 0 (affected), 4.9.0-1.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›