Bug#914796: sleuthkit: CVE-2018-19497 out of bounds read in Sleuthkit
On Tue, Feb 19, 2019 at 05:39:10PM +0100, Moritz Mühlenhoff wrote:
> On Tue, Nov 27, 2018 at 01:38:43PM +0100, Jordy Zomer wrote:
> > Package: sleuthkit
> > Version: 4.2.0-3
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > An issue was discovered in The Sleuth Kit (TSK) through 4.6.4.
> > The "tsk_getu16(hfs->fs_info.endian, _buf[rec_off2])" call in
> > hfs_dir_open_meta_cb in
> > tsk/fs/hfs_dent.c does not properly check boundaries. This results in
> > a crash (SEGV on unknown address
> > READ memory access)
> > when reading too much in the destination buffer.
> >
> > this is because the boundary check in hfs_traverse_cat wasn't done properly.
> >
> > The following CVE was assigned (It's still reserved):
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19497
>
> Fixed in
> https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6bb95d

*ping*, could we get that into buster still?

Cheers,
Moritz
Bug#914796: sleuthkit: CVE-2018-19497 out of bounds read in Sleuthkit
On Tue, Nov 27, 2018 at 01:38:43PM +0100, Jordy Zomer wrote:
> Package: sleuthkit
> Version: 4.2.0-3
> Severity: normal
>
> Dear Maintainer,
>
> An issue was discovered in The Sleuth Kit (TSK) through 4.6.4.
> The "tsk_getu16(hfs->fs_info.endian, _buf[rec_off2])" call in
> hfs_dir_open_meta_cb in
> tsk/fs/hfs_dent.c does not properly check boundaries. This results in
> a crash (SEGV on unknown address
> READ memory access)
> when reading too much in the destination buffer.
>
> this is because the boundary check in hfs_traverse_cat wasn't done properly.
>
> The following CVE was assigned (It's still reserved):
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19497

Fixed in
https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6bb95d

Cheers,
Moritz
Bug#914796: sleuthkit: CVE-2018-19497 out of bounds read in Sleuthkit
Package: sleuthkit
Version: 4.2.0-3
Severity: normal

Dear Maintainer,

An issue was discovered in The Sleuth Kit (TSK) through 4.6.4.
The "tsk_getu16(hfs->fs_info.endian, _buf[rec_off2])" call in
hfs_dir_open_meta_cb in
tsk/fs/hfs_dent.c does not properly check boundaries. This results in
a crash (SEGV on unknown address
READ memory access)
when reading too much in the destination buffer.

this is because the boundary check in hfs_traverse_cat wasn't done properly.

The following CVE was assigned (It's still reserved):

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19497

I have contacted the maintainer and submitted a pull request but after 3 days
there's still no response.
I have also validated the patch and can confirm that it fixes the issue.

The pull request can be found on:

https://github.com/sleuthkit/sleuthkit/pull/1374

I hope I have informed you enough, do not hesitate to contact me if you have
any further questions.

Thank you for your time.

Kind Regards,

Jordy Zomer

-- System Information:
Debian Release: stretch/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'xenial-security'), (500, 'xenial'), (100, 'xenial-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-134-generic (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sleuthkit depends on:
ii  file                1:5.25-2ubuntu1.1
ii  libafflib0v5        3.7.7-3
ii  libc6               2.23-0ubuntu10
ii  libdate-manip-perl  6.52-1
ii  libewf2             20140608-6
ii  libgcc1             1:6.0.1-0ubuntu1
ii  libstdc++6          5.4.0-6ubuntu1~16.04.10
ii  libtsk13            4.2.0-3
ii  perl                5.22.1-9ubuntu0.5

sleuthkit recommends no packages.

Versions of packages sleuthkit suggests:
pn  autopsy
pn  mac-robber

-- no debconf information
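
The class of bug reported above, shown as an added C example that is not part of the original report and is not TSK's code or its fix: a 16-bit field is read from a node buffer at an offset that itself came from the image, so both the offset and the field must be checked against the buffer length. The helper names, the simplified node layout and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a TSK function: read a big-endian 16-bit value at
 * byte offset `off` of a `len`-byte buffer. Returns 0 on success, -1 if the
 * two bytes would not lie entirely inside the buffer. */
static int read_be16_checked(const uint8_t *buf, size_t len, size_t off,
                             uint16_t *out)
{
    /* Compare against len - 2 so that off + 2 can never wrap around. */
    if (len < 2 || off > len - 2)
        return -1;
    *out = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    return 0;
}

/* Simplified node model (an assumption of this example): the last two bytes
 * of the node hold the offset of a record, and the record starts with a
 * 16-bit key length. Both values come from the image and are untrusted.
 * Returns the key length, or -1 if the node is malformed. */
static long record_key_len(const uint8_t *node, size_t node_len)
{
    uint16_t rec_off, key_len;

    if (node_len < 2 ||
        read_be16_checked(node, node_len, node_len - 2, &rec_off) != 0)
        return -1;
    /* The unchecked pattern reads node[rec_off] here without this test. */
    if (read_be16_checked(node, node_len, rec_off, &key_len) != 0)
        return -1;
    /* The key bytes must also end inside the node. */
    if ((size_t)key_len > node_len - 2 - rec_off)
        return -1;
    return (long)key_len;
}

int main(void)
{
    /* Constructed 16-byte nodes: record offset is stored in the last 2 bytes. */
    uint8_t ok[16]  = {0, 0, 0, 0, 0x00, 0x03, 'a', 'b', 'c', 0, 0, 0, 0, 0, 0x00, 0x04};
    uint8_t bad[16] = {0, 0, 0, 0, 0x00, 0x03, 'a', 'b', 'c', 0, 0, 0, 0, 0, 0xFF, 0xF0};

    printf("valid node:   %ld\n", record_key_len(ok, sizeof ok));
    printf("corrupt node: %ld\n", record_key_len(bad, sizeof bad));
    return 0;
}
```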