Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
bulk_extractor has Heap-based Buffer Overflow vulnerability
Vulnerability Description
`bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in `Unpack::CopyString`, leading to a crash under ASAN (and likely a crash or memory corruption in production builds). There's potential for using this for RCE. As of time of publication, no known patches are available.
CVSS Information
N/A
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
Building bulk_extractor 安全漏洞
Vulnerability Description
Building bulk_extractor是Simson L. Garfinkel个人开发者的一款高性能数字取证分析工具。 Building bulk_extractor 1.4及之后版本存在安全漏洞,该漏洞源于其嵌入式unrar代码在RAR PPM LZ解码路径中存在堆缓冲区溢出,可能导致越界写入、崩溃或内存损坏,并可能用于远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A