CRITICAL🇬🇧 English

CVE-2018-1000838

CVSS 10.0v3.0pub. 2018-12-20upd. 2024-11-21

autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Sleuthkit Autopsy

    APP
    Sleuthkit
    ≤ 4.9.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRFDoSXXE
CWE
Referencje

Powiązane podatności

CVE-2020-10232CRITICAL9.8ten sam vendor

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YA...

CVE-2020-10233CRITICAL9.1ten sam vendor

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lo...

CVE-2019-14531CRITICAL9.8ten sam vendor

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing...

CVE-2019-14532CRITICAL9.8ten sam vendor

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on...

CVE-2026-40024HIGH8.4ten sam vendor

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker t...