Sleuth Kit
cpe:2.3:a:sleuthkit:the_sleuth_kit:*:*:*:*:*:*:*
- <= 4.14.0
An out-of-bounds read vulnerability has been identified in The Sleuth Kit through version 4.14.0. The flaw is in the APFS filesystem keybag parser: the 'wrapped_key_parser' class improperly handles attacker-controlled length fields, which leads to heap reads beyond the allocated buffer. An attacker could craft a malicious APFS disk image that, when processed by any Sleuth Kit tool that analyzes APFS volumes, causes information disclosure or a crash.
Exploitation of this vulnerability can result in unauthorized information disclosure or a crash of the application.
Users can upgrade to The Sleuth Kit version 4.14.1 or later to address this vulnerability.
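The bug class described above, a parser trusting a length field read from the image, is prevented by checking every declared length against the bytes that remain before reading or skipping. The following is an added example, not The Sleuth Kit's code or its fix; the record layout (1-byte tag, 2-byte little-endian length) and all names in it are assumptions, since this page does not give the keybag field layout.

```cpp
// Added illustration; not The Sleuth Kit's code. The record layout
// (1-byte tag, 2-byte little-endian length, value) is an assumption.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Field { const uint8_t* data = nullptr; size_t len = 0; };
enum class ParseResult { Found, NotFound, Malformed };

// Walk tag/length/value records in untrusted input and locate `wanted`.
// Every length is checked against the bytes actually left in the buffer
// before it is used to read or to skip ahead.
ParseResult find_field(const std::vector<uint8_t>& buf, uint8_t wanted, Field& out) {
    const size_t size = buf.size();
    size_t off = 0;
    while (off < size) {
        if (size - off < 3) return ParseResult::Malformed;   // truncated header
        const uint8_t tag = buf[off];
        const size_t len = buf[off + 1] | (static_cast<size_t>(buf[off + 2]) << 8);
        off += 3;
        // Compare against the remainder (size - off), never `off + len`,
        // so the check cannot be bypassed by integer wrap-around.
        if (len > size - off) return ParseResult::Malformed;
        if (tag == wanted) {
            out.data = buf.data() + off;
            out.len = len;
            return ParseResult::Found;
        }
        off += len;
    }
    return ParseResult::NotFound;
}

// Constructed sample: two well-formed records (tags 0x01 and 0x02).
std::vector<uint8_t> sample_valid() {
    return {0x01, 0x02, 0x00, 0xAA, 0xBB, 0x02, 0x03, 0x00, 0x11, 0x22, 0x33};
}
// Constructed sample: record 0x02 declares 0x4000 bytes but only 3 follow.
std::vector<uint8_t> sample_overlong() {
    return {0x01, 0x02, 0x00, 0xAA, 0xBB, 0x02, 0x00, 0x40, 0x11, 0x22, 0x33};
}

int main() {
    Field f;
    const std::vector<uint8_t> good = sample_valid(), bad = sample_overlong();
    std::printf("valid:    %d\n", static_cast<int>(find_field(good, 0x02, f)));
    std::printf("overlong: %d\n", static_cast<int>(find_field(bad, 0x02, f)));
    return 0;
}
```

A parser written this way rejects the overlong record as malformed instead of handing back a pointer and length that extend past the allocation.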