CVE-2022-45639
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
24/01/2023
Last modified:
02/04/2025
Description
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sleuthkit:the_sleuth_kit:4.11.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html
- http://www.binaryworld.it/
- https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639
- http://packetstormsecurity.com/files/171649/Sleuthkit-4.11.1-Command-Injection.html
- http://www.binaryworld.it/
- https://www.binaryworld.it/guidepoc.asp#CVE-2022-45639