The Sleuth Kit® (TSK) is a library and collection of command line digital forensics tools that allow you to investigate volume and file system data. The library can be incorporated into larger digital forensics tools and the command line tools can be directly used to find evidence.
Dear sleuthkit team,
I would like to report a security vulnerability in SleuthKit.
There is an out of bound read on iso9660 while parsing System Use Sharing Protocol data.
On the parse_susp function, while parsing an ER entry, it will try to read the different Extension strings. However, there is no control of the size fields and they will read out of the buf size bound.
This could be triggered through the istat tool:
nico@genmaicha:~/Semmle/Projects/SleuthKit/sleuthkit/tools/fstools$ ./istat ~/Images/sample.iso 1
Entry: 1 Type: Directory Links: 1 Flags: Name: DIR1 Size: 2048
Rock Ridge Extension Data ER Entry
Please let me know if you need my proof-of-concept ISO file, since I can't attach it through the GitHub report system.
The exact line could be found here: https://lgtm.com/projects/g/sleuthkit/sleuthkit/snapshot/09ed6f84870b18aec51cbb9373e226d04264da8f/files/tsk/fs/iso9660.c?sort=name&dir=ASC&mode=heatmap#L215
Please let me know when you have fixed the vulnerability so that I can coordinate my disclosure with yours. For reference, here is a link to Semmle's vulnerability disclosure policy: https://lgtm.com/security#disclosure_policy
Thank you,
Nico Waisman
Semmle Security Research Team
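The bug class described in the report, an ER entry whose LEN_ID/LEN_DES/LEN_SRC fields are trusted without being checked against the enclosing buffer, is easy to reproduce in isolation. The following is an added illustration written for this page; it is not code from The Sleuth Kit's iso9660.c and does not reproduce parse_susp. The ER entry layout (signature 'E' 'R', LEN, VER, LEN_ID, LEN_DES, LEN_SRC, EXT_VER, then the three strings) follows the SUSP/Rock Ridge specification; the function names, the struct, and the sample entries are constructed for the example. parse_er_checked shows the bounds checks a parser needs, and unchecked_read_extent computes how far an unchecked parser would read, without actually touching memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>

/* Fixed header of a SUSP "ER" entry: 'E' 'R' LEN VER LEN_ID LEN_DES LEN_SRC EXT_VER */
#define ER_HDR_LEN 8

/* Parsed view of an ER (Extension Reference) entry. Hypothetical type for this example. */
typedef struct {
    const uint8_t *id;  uint8_t id_len;
    const uint8_t *des; uint8_t des_len;
    const uint8_t *src; uint8_t src_len;
    uint8_t ext_ver;
} susp_er_t;

/* Hardened parse of the ER entry starting at buf[off].
 * Every length field is validated against the enclosing buffer (buf_len)
 * and against the entry's own LEN byte before any pointer is derived.
 * Returns 0 on success, -1 on malformed or truncated input. */
int parse_er_checked(const uint8_t *buf, size_t buf_len, size_t off, susp_er_t *out)
{
    if (off > buf_len || buf_len - off < ER_HDR_LEN) return -1;   /* header must fit */
    const uint8_t *e = buf + off;
    if (e[0] != 'E' || e[1] != 'R') return -1;
    uint8_t len = e[2];
    if (len < ER_HDR_LEN || len > buf_len - off) return -1;       /* entry must fit in buffer */
    uint8_t len_id = e[4], len_des = e[5], len_src = e[6];
    /* the three variable-length strings must fit inside the entry's LEN */
    size_t need = (size_t)ER_HDR_LEN + len_id + len_des + len_src;
    if (need > len) return -1;
    out->ext_ver = e[7];
    out->id  = e + ER_HDR_LEN;      out->id_len  = len_id;
    out->des = out->id  + len_id;   out->des_len = len_des;
    out->src = out->des + len_des;  out->src_len = len_src;
    return 0;
}

/* Number of bytes, from the start of the entry, that a parser trusting
 * LEN_ID/LEN_DES/LEN_SRC blindly would read. Only arithmetic, no memory
 * access, so it is safe to call on a malicious entry. Compare with the
 * buffer size to see whether the unchecked reads would run past it. */
size_t unchecked_read_extent(const uint8_t *buf, size_t off)
{
    const uint8_t *e = buf + off;
    return (size_t)ER_HDR_LEN + e[4] + e[5] + e[6];
}

/* Build a well-formed ER entry into out (constructed test data).
 * Returns the entry length, or 0 if it would not fit. */
size_t build_er(uint8_t *out, size_t cap, const char *id, const char *des, const char *src)
{
    size_t li = strlen(id), ld = strlen(des), ls = strlen(src);
    size_t total = ER_HDR_LEN + li + ld + ls;
    if (li > 255 || ld > 255 || ls > 255 || total > 255 || total > cap) return 0;
    out[0] = 'E'; out[1] = 'R';
    out[2] = (uint8_t)total;   /* LEN */
    out[3] = 1;                /* VER */
    out[4] = (uint8_t)li; out[5] = (uint8_t)ld; out[6] = (uint8_t)ls;
    out[7] = 1;                /* EXT_VER */
    memcpy(out + ER_HDR_LEN, id, li);
    memcpy(out + ER_HDR_LEN + li, des, ld);
    memcpy(out + ER_HDR_LEN + li + ld, src, ls);
    return total;
}

int main(void)
{
    uint8_t good[64], bad[64];
    susp_er_t er;
    size_t n = build_er(good, sizeof good, "RRIP_1991A", "ROCK RIDGE", "SEE PUBLISHER");
    int rc = parse_er_checked(good, n, 0, &er);
    printf("valid entry (%zu bytes): parse=%d id_len=%u\n", n, rc, er.id_len);

    memcpy(bad, good, n);
    bad[4] = 0xFF;   /* LEN_ID claims 255 bytes inside a 41-byte entry */
    rc = parse_er_checked(bad, n, 0, &er);
    printf("oversized LEN_ID: parse=%d, unchecked reads would reach %zu of %zu bytes\n",
           rc, unchecked_read_extent(bad, 0), n);
    return 0;
}
```

The two checks that matter are the ones an unchecked parser skips: the entry's LEN must not extend past the end of the SUSP area it sits in, and the sum of the three string lengths must not exceed LEN. With a crafted entry such as the bad buffer above, the unchecked extent reaches well past the 41 bytes actually present, which is exactly the read the report describes.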