Mobasi discloses 3 vulnerabilities in bulk_extractor and unfurl
As part of our Sentinel security review program, Mobasi identified three security vulnerabilities in two widely used digital forensics tools: bulk_extractor and unfurl. We followed responsible disclosure practices, and these vulnerabilities were accepted and published by the project maintainers.
Disclosed vulnerabilities
Heap Overflow Attack in bulk_extractor (High)
A heap overflow vulnerability that could allow attackers to execute arbitrary code when the tool processes malicious input.
Permanent Debug Mode in unfurl (Critical)
A critical misconfiguration that leaves debug mode permanently enabled, potentially exposing the tool to remote code execution.
Decompression Bomb DoS in unfurl (Medium)
A denial-of-service vulnerability via decompression bomb that could exhaust system resources.
Responsible disclosure
We follow responsible disclosure practices for all findings. This means notifying maintainers privately and allowing time for validation and, if necessary, remediation. We're grateful to the maintainers of both projects for their responsiveness in working toward fixes.
Ongoing work
These three disclosures are part of our larger Sentinel security review program. We have additional findings across other forensics tools currently in the responsible disclosure process with maintainers.
