{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"sleuthkit security update", "category":"general", "title":"Synopsis" }, { "text":"An update for sleuthkit is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system forensic tools that allow an investigator to examine NTFS, FAT, FFS, EXT2FS, EXT3FS and ExFAT file systems of a suspect computer in a non-intrusive fashion. The tools have a layer-based design and can extract data from internal file system structures. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.\n\nSecurity Fix(es):\n\nA path traversal vulnerability exists in the tsk_recover tool of The Sleuth Kit through version 4.14.0. An attacker can craft a malicious filesystem image containing filenames or directory paths with path traversal sequences (e.g., /../). When processed by tsk_recover, this can cause files to be written to arbitrary locations outside the intended output directory. This could potentially lead to code execution by overwriting critical files such as shell configuration files or cron entries.(CVE-2026-40024)\n\nThe Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.(CVE-2026-40026)", "category":"general", "title":"Description" }, { "text":"An update for sleuthkit is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"sleuthkit", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1935", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1935" }, { "summary":"CVE-2026-40024", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40024&packageName=sleuthkit" }, { "summary":"CVE-2026-40026", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40026&packageName=sleuthkit" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40024" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40026" }, { "summary":"openEuler-SA-2026-1935 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1935.json" } ], "title":"An update for sleuthkit is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2026-04-17T21:04:24+08:00", "revision_history":[ { "date":"2026-04-17T21:04:24+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-17T21:04:24+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-17T21:04:24+08:00", "id":"openEuler-SA-2026-1935", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-4.6.7-14.oe2203sp4.aarch64.rpm", "name":"sleuthkit-4.6.7-14.oe2203sp4.aarch64.rpm" }, "name":"sleuthkit-4.6.7-14.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64.rpm", "name":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64.rpm" }, "name":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64.rpm", "name":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64.rpm" }, "name":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64.rpm", "name":"sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64.rpm" }, "name":"sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-help-4.6.7-14.oe2203sp4.aarch64.rpm", "name":"sleuthkit-help-4.6.7-14.oe2203sp4.aarch64.rpm" }, "name":"sleuthkit-help-4.6.7-14.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-4.6.7-14.oe2203sp4.src.rpm", "name":"sleuthkit-4.6.7-14.oe2203sp4.src.rpm" }, "name":"sleuthkit-4.6.7-14.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-4.6.7-14.oe2203sp4.x86_64.rpm", "name":"sleuthkit-4.6.7-14.oe2203sp4.x86_64.rpm" }, "name":"sleuthkit-4.6.7-14.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64.rpm", "name":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64.rpm" }, "name":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64.rpm", "name":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64.rpm" }, "name":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64.rpm", "name":"sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64.rpm" }, "name":"sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"sleuthkit-help-4.6.7-14.oe2203sp4.x86_64.rpm", "name":"sleuthkit-help-4.6.7-14.oe2203sp4.x86_64.rpm" }, "name":"sleuthkit-help-4.6.7-14.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-4.6.7-14.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-4.6.7-14.oe2203sp4.aarch64", "name":"sleuthkit-4.6.7-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64", "name":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64", "name":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64", "name":"sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-help-4.6.7-14.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-help-4.6.7-14.oe2203sp4.aarch64", "name":"sleuthkit-help-4.6.7-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-4.6.7-14.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-4.6.7-14.oe2203sp4.src", "name":"sleuthkit-4.6.7-14.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-4.6.7-14.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-4.6.7-14.oe2203sp4.x86_64", "name":"sleuthkit-4.6.7-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64", "name":"sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64", "name":"sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64", "name":"sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"sleuthkit-help-4.6.7-14.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:sleuthkit-help-4.6.7-14.oe2203sp4.x86_64", "name":"sleuthkit-help-4.6.7-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-40024", "notes":[ { "text":"A path traversal vulnerability exists in the tsk_recover tool of The Sleuth Kit through version 4.14.0. An attacker can craft a malicious filesystem image containing filenames or directory paths with path traversal sequences (e.g., /../). When processed by tsk_recover, this can cause files to be written to arbitrary locations outside the intended output directory. This could potentially lead to code execution by overwriting critical files such as shell configuration files or cron entries.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:sleuthkit-4.6.7-14.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:sleuthkit-debuginfo-4.6.7-14.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:sleuthkit-debugsource-4.6.7-14.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:sleuthkit-devel-4.6.7-14.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:sleuthkit-help-4.6.7-14.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:sleuthkit-4.6.7-14.oe2203sp4.src", "openEuler-22.03-LTS-SP4:sleuthkit-4.6.7-14.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:sleuthkit-debuginfo-4.6.7-14.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:sleuthkit-debugsource-4.6.7-14.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:sleuthkit-devel-4.6.7-14.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:sleuthkit-help-4.6.7-14.oe2203sp4.x86_64" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"sleuthkit security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1935" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.4, "vectorString":"CVSS:3.1/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-40024" }, { "cve":"CVE-2026-40026", "notes":[ { "text":"The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"sleuthkit security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1935" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.4, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40026" } ] }