CNNVD-202601-4639 Information

CNNVD ID

CNNVD-202601-4639

Related CVE

CVE-2026-24857

• CNNVD Published: 2026-01-28

Description (Chinese)

Building bulk_extractor是Simson L. Garfinkel个人开发者的一款高性能数字取证分析工具。 Building bulk_extractor 1.4及之后版本存在安全漏洞，该漏洞源于其嵌入式unrar代码在RAR PPM LZ解码路径中存在堆缓冲区溢出，可能导致越界写入、崩溃或内存损坏，并可能用于远程代码执行。

Description (English)

Building Bulk extractor is a high-performance digital evidence analysis tool for the Simson L. Garfinkel personal developer. There is a security loophole in Building Bulk extractor 1.4 and later versions, which stems from the spilling of the embedded unrar code into the RAR PPM LZ decoded path, which can lead to cross-border writing, collapse or memory damage and may be used for remote code enforcement.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/simsong/bulk_extractor/security/advisories/GHSA-rh8m-9xrx-q64q