OESA-2025-2106
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2106
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2106.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2106
- Upstream
- Published
- 2025-09-05T12:39:51Z
- Modified
- 2025-09-05T13:18:01.922412Z
- Summary
- sleuthkit security update
- Details
-
The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, EXT3FS and ExFAT file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.
Security Fix(es):
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c.(CVE-2020-10232)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:22.03-LTS-SP4 / sleuthkit
Package
- Name
- sleuthkit
- Purl
- pkg:rpm/openEuler/sleuthkit&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.6.7-13.oe2203sp4
Ecosystem specific
{
"src": [
"sleuthkit-4.6.7-13.oe2203sp4.src.rpm"
],
"x86_64": [
"sleuthkit-4.6.7-13.oe2203sp4.x86_64.rpm",
"sleuthkit-debuginfo-4.6.7-13.oe2203sp4.x86_64.rpm",
"sleuthkit-debugsource-4.6.7-13.oe2203sp4.x86_64.rpm",
"sleuthkit-devel-4.6.7-13.oe2203sp4.x86_64.rpm",
"sleuthkit-help-4.6.7-13.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"sleuthkit-4.6.7-13.oe2203sp4.aarch64.rpm",
"sleuthkit-debuginfo-4.6.7-13.oe2203sp4.aarch64.rpm",
"sleuthkit-debugsource-4.6.7-13.oe2203sp4.aarch64.rpm",
"sleuthkit-devel-4.6.7-13.oe2203sp4.aarch64.rpm",
"sleuthkit-help-4.6.7-13.oe2203sp4.aarch64.rpm"
]
}