CVE-2018-11738
First published: Tue Jun 05 2018(Updated: )
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| The Sleuth Kit | >=4.0.2<=4.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11738?
CVE-2018-11738 is considered a medium severity vulnerability due to its potential to cause information disclosure through out-of-bounds reads.
How do I fix CVE-2018-11738?
To fix CVE-2018-11738, update The Sleuth Kit to a version later than 4.6.1.
What versions of The Sleuth Kit are affected by CVE-2018-11738?
CVE-2018-11738 affects The Sleuth Kit versions from 4.0.2 to 4.6.1.
Can CVE-2018-11738 lead to remote exploitation?
CVE-2018-11738 does not appear to be directly exploitable for remote attacks, but information disclosure may provide insights that aid in further exploitation.
What component of The Sleuth Kit is impacted by CVE-2018-11738?
CVE-2018-11738 specifically impacts the libtskfs.a component of The Sleuth Kit, particularly in the ntfs_make_data_run function.
- agent/type
- agent/softwarecombine
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sleuthkit
- canonical/the sleuth kit
- version/the sleuth kit/4.0.2
- version/the sleuth kit/4.6.1