Untriaged
CVE-2024-0684
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Coreutils: heap overflow in split --line-bytes with very long lines
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
References
- RHBZ#2258948 issue-tracking x_refsource_REDHAT
- https://www.openwall.com/lists/oss-security/2024/01/18/2
- https://access.redhat.com/security/cve/CVE-2024-0684 x_refsource_REDHAT vdb-entry
- https://security.netapp.com/advisory/ntap-20240808-0001/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
Affected products
coreutils
- ==v9.2
- ==9.2
- ==v9.3
- ==v9.4
- ==v9.5
Matching in nixpkgs
pkgs.coreutils-full
GNU Core Utilities
- nixos-unstable: -
- nixpkgs-unstable: 9.7
pkgs.policycoreutils
SELinux policy core utilities
- nixos-unstable: -
- nixpkgs-unstable: 3.8.1
pkgs.uutils-coreutils
Cross-platform Rust rewrite of the GNU coreutils
- nixos-unstable: -
- nixpkgs-unstable: 0.2.2
pkgs.coreutils-prefixed
GNU Core Utilities
- nixos-unstable: -
- nixpkgs-unstable: 9.7
pkgs.uutils-coreutils-noprefix
Cross-platform Rust rewrite of the GNU coreutils
- nixos-unstable: -
- nixpkgs-unstable: 0.2.2
Package maintainers
- @dasJ Janne Heß <janne@hess.ooo>
- @RossComputerGuy Tristan Ross <tristan.ross@midstall.com>
- @numinit Morgan Jones <me+nixpkgs@numin.it>
- @matthiasbeyer Matthias Beyer <mail@beyermatthias.de>
- @siraben Siraphob Phipathananunth <bensiraphob@gmail.com>