CVE-2020-10232

Опубликовано: 09 мар. 2020

Источник: debian

Описание

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sleuthkit	fixed	4.9.0+dfsg-2		package
sleuthkit	fixed	4.6.5-1+deb10u1	buster	package

Примечания

https://github.com/sleuthkit/sleuthkit/issues/1836
https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1

Связанные уязвимости

CVE-2020-10232

CVSS3: 9.8

ubuntu

почти 6 лет назад

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

CVE-2020-10232

CVSS3: 9.8

nvd

почти 6 лет назад

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

GHSA-jv4c-q5cf-97rm

CVSS3: 9.8

github

больше 3 лет назад

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.