{"id":"UBUNTU-CVE-2018-19497","details":"In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).","modified":"2026-04-22T11:50:30.714510Z","published":"2018-11-29T23:29:00Z","upstream":["CVE-2018-19497"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19497"},{"type":"REPORT","url":"https://github.com/sleuthkit/sleuthkit/pull/1374"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-19497"}],"affected":[{"package":{"name":"sleuthkit","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/sleuthkit@4.4.2-3?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.4.2-1","4.4.2-3"],"ecosystem_specific":{"binaries":[{"binary_name":"libtsk13","binary_version":"4.4.2-3"},{"binary_name":"sleuthkit","binary_version":"4.4.2-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-19497.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}