HIGH🇵🇱 Wersja polska

CVE-2022-45639

CVSS 7.8v3.1pub. 2023-01-24upd. 2025-04-02

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sleuthkit The Sleuth Kit

    APP
    Sleuthkit
    4.11.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-10232CRITICAL9.8ten sam produkt

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YA...

CVE-2020-10233CRITICAL9.1ten sam produkt

In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lo...

CVE-2019-14531CRITICAL9.8ten sam produkt

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing...

CVE-2019-14532CRITICAL9.8ten sam produkt

An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on...

CVE-2026-40024HIGH8.4ten sam produkt

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker t...