Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu coreutils vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2024-0684
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Gnu Coreutils 9.2
Gnu Coreutils 9.3
Gnu Coreutils 9.4
1 Github repository
7.5
CVSSv3
CVE-2023-49298
OpenZFS up to and including 2.1.13 and 2.2.x up to and including 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this is...
Openzfs Openzfs
Openzfs Openzfs 2.2.0
7.8
CVSSv3
CVE-2015-4041
The keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows malicious users to cause a denial of service (heap-based b...
Gnu Coreutils
9.8
CVSSv3
CVE-2015-4042
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 might allow malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
Gnu Coreutils
4.7
CVSSv3
CVE-2017-18018
In GNU Coreutils up to and including 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condi...
Gnu Coreutils
2 Github repositories
4.7
CVSSv3
CVE-2015-1865
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Gnu Coreutils 8.4
6.5
CVSSv3
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Gnu Coreutils
7 Github repositories
NA
CVE-2014-9471
The parse_datetime function in GNU coreutils allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date comma...
Gnu Coreutils
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
NA
CVE-2013-0221
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the ...
Redhat Enterprise Linux 6.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
1 EDB exploit
NA
CVE-2013-0222
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
Redhat Enterprise Linux 6.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »