Vulnerabilities > CVE-2017-13756 - Infinite Loop vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

sleuthkit

debian

CWE-835

NVD

Published: 2017-08-29

Updated: 2022-11-29

Summary

In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.

Vulnerable Configurations

Part	Description	Count
Application	Sleuthkit Sleuthkit THE Sleuth KIT 4.4.2	1
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/sleuthkit/sleuthkit/issues/914
https://lists.debian.org/debian-lts-announce/2022/06/msg00015.html