CVE-2020-10232

moderate-risk
Published 2020-03-09

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 459ae818fc8dae717549810150de4d191ce158f1
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

The Sleuth Kit

Affected Vendors

Debian Fedoraproject Sleuthkit

References (12)

Patch https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191c...
Mailing List https://lists.debian.org/debian-lts-announce/2020/03/msg00011.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Patch https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191c...
Mailing List https://lists.debian.org/debian-lts-announce/2020/03/msg00011.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
49
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 13/34 · Low