CVE-2022-45639

Name of the Vulnerable Software and Affected Versions sleuthkit fls tool version 4.11.1

Description The issue allows attackers to execute arbitrary commands via a crafted value to the m parameter. This is an OS Command injection vulnerability. Note that there is a dispute regarding the impact of this issue, as some parties claim that the backtick command does not execute outside the context of the user account that entered the command line.

Recommendations For sleuthkit fls tool version 4.11.1, consider restricting the use of the m parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using crafted values for the m parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.