On Tue, Feb 19, 2019 at 05:39:10PM +0100, Moritz Mühlenhoff wrote:
> On Tue, Nov 27, 2018 at 01:38:43PM +0100, Jordy Zomer wrote:
> > Package: sleuthkit
> > Version: 4.2.0-3
> > Severity: normal
> > 
> > Dear Maintainer,
> > 
> > An issue was discovered in The Sleuth Kit (TSK) through 4.6.4.
> > The "tsk_getu16(hfs->fs_info.endian, &rec_buf[rec_off2])" call in
> > hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c does not properly check
> > boundaries. This results in a crash (SEGV on unknown address
> > READ memory access) when reading too much in the destination buffer.
> > 
> > This is because the boundary check in hfs_traverse_cat wasn't done properly.
> > 
> > The following CVE was assigned (It's still reserved):
> > 
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19497
> 
> Fixed in 
> https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d

*ping*, could we get that into buster still?

Cheers,
        Moritz
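
An added illustration, not part of this thread and not Sleuth Kit's code: the kind of bounds check the report says was missing before a 16-bit read at an offset into a record buffer. The helper name, the sample record and the offsets tried are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not a TSK function): read a 16-bit value at `off`
 * in a record of `len` bytes, refusing any offset that leaves fewer than
 * two bytes. The check is written as len - off so that a huge offset
 * cannot wrap around the way off + 2 could. */
static int read_u16_checked(const uint8_t *buf, size_t len, size_t off,
                            int big_endian, uint16_t *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    if (off > len || len - off < sizeof(uint16_t))
        return -1;               /* would read past the end of the record */
    if (big_endian)
        *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    else
        *out = (uint16_t)(buf[off] | (buf[off + 1] << 8));
    return 0;
}

/* Constructed 8-byte record; the last two bytes hold 0x1234 big-endian. */
static const uint8_t sample_rec[8] = {0, 0, 0, 0, 0, 0, 0x12, 0x34};

/* Returns the big-endian value at `off`, or -1 when the offset is rejected. */
static long field_at(size_t off)
{
    uint16_t v;
    if (read_u16_checked(sample_rec, sizeof sample_rec, off, 1, &v) != 0)
        return -1;
    return (long)v;
}

int main(void)
{
    /* Last valid offset, one byte short, exactly at the end, and a
     * wrapped-around offset such as a corrupted length field could give. */
    size_t offs[] = {6, 7, 8, (size_t)-1};
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
        printf("off=%zu -> %ld\n", offs[i], field_at(offs[i]));
    return 0;
}
```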
