A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-14
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Max CVSS
4.7
EPSS Score
0.04%
Published
2018-01-04
Updated
2018-01-19
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Max CVSS
6.5
EPSS Score
0.04%
Published
2017-02-07
Updated
2021-02-25
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
Max CVSS
9.8
EPSS Score
0.37%
Published
2020-01-24
Updated
2020-02-01
The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
Max CVSS
7.8
EPSS Score
0.06%
Published
2020-01-24
Updated
2020-02-01
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Max CVSS
4.7
EPSS Score
0.04%
Published
2017-09-20
Updated
2017-09-27
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
Max CVSS
7.5
EPSS Score
1.77%
Published
2015-01-16
Updated
2020-12-08
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
Max CVSS
4.4
EPSS Score
0.04%
Published
2009-12-11
Updated
2023-02-13
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
Max CVSS
4.4
EPSS Score
0.04%
Published
2008-07-28
Updated
2017-09-29
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
Max CVSS
3.7
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
10 vulnerabilities found