CVE-2024-0684

Published: 06/02/2024 Updated: 14/02/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Vulnerable Product

gnu coreutils 9.2

gnu coreutils 9.3

gnu coreutils 9.4

Vendor Advisories

Debian Bug report logs - #1061138 coreutils: CVE-2024-0684: heap overflow in split --line-bytes with very long lines Package: src:coreutils; Maintainer for src:coreutils is Michael Stone <mstone@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 19 Jan 2024 05:21:01 UTC Severity: grave Tags ...
Description: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. ...

Mailing Lists

oss-sec mailing list archives: Re: GNU coreutils v9.4; v9.3; v9.2 split heap buffer overflow vulnerability ...

Github Repositories

Writeup of a heap overflow vulnerability in the GNU coreutils split program. CVE-2024-0684

Abstract: CVE-2024-0684. A vulnerability in the GNU coreutils "split" program allows for a heap buffer overflow with user controlled data. It was introduced in 40bf1591bb4362fa91e501bcec7c2029c5f65a43 on 2023-03-04. A fix has been released with c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 on 2024-01-17. Affected versions: GNU coreutils v9.4; v9.3; v9.2. Proof of concept: The