The keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu coreutils |