CVE-2019-14532 - An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an un

CVE-2019-14532

Summary

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.

References

Vulnerable Configurations

cpe:2.3:a:sleuthkit:the_sleuth_kit:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:sleuthkit:the_sleuth_kit:4.6.6:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 22-04-2022 - 20:11)
Impact:
Exploitability:

CWE

CWE-193

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

fedora	FEDORA-2020-1dd340ab85 FEDORA-2020-6e3e0c6386 FEDORA-2020-94c2f78e0c
misc	https://github.com/sleuthkit/sleuthkit/issues/1575

Last major update

22-04-2022 - 20:11

Published

02-08-2019 - 15:15

Last modified

22-04-2022 - 20:11