Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
Vulnerability Description
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Vulnerability Type
跨界内存读
Vulnerability Title
The Sleuth Kit 缓冲区错误漏洞
Vulnerability Description
The Sleuth Kit(TSK)是Brian Carrier个人开发者的一套数据取证工具集合。该工具能够分析FAT、NTFS、UFS等文件系统,并提供文件系统的详细信息。 The Sleuth Kit 4.14.0及之前版本存在缓冲区错误漏洞,该漏洞源于越界读取和无限循环,可能导致信息泄露或拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A