3.3
CVE-2026-35344
- EPSS 0.12%
- Published 22.04.2026 16:07:46
- Last modified 04.05.2026 20:09:48
- Source security@ubuntu.com
uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup or migration scripts, as the utility may report a successful operation even when the destination file contains old or garbage data.
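The failure mode described above, as an added Rust example (not code from uutils coreutils): the suppressed pattern beside a check that tolerates truncation failures only on special files. The function names and the temporary file are hypothetical, constructed for the demonstration.

```rust
use std::fs::{self, File};
use std::io;

/// Pattern the advisory describes: the truncation result is discarded with
/// `.ok()`, so the caller can never learn that truncation failed.
fn truncate_suppressed(dst: &File, len: u64) {
    dst.set_len(len).ok();
}

/// Hardened form: a failed truncation is tolerated only when the destination
/// is a special file (e.g. /dev/null); regular files and directories report it.
fn truncate_checked(dst: &File, len: u64) -> io::Result<()> {
    match dst.set_len(len) {
        Ok(()) => Ok(()),
        Err(err) => {
            let kind = dst.metadata()?.file_type();
            if kind.is_file() || kind.is_dir() {
                Err(err)
            } else {
                Ok(())
            }
        }
    }
}

/// Constructed scenario: a destination holding stale bytes is opened without
/// write access, so truncation fails. Returns (length after the suppressed
/// call, whether the checked call reported the failure).
fn demo() -> io::Result<(u64, bool)> {
    let path = std::env::temp_dir().join(format!("dd_trunc_demo_{}", std::process::id()));
    fs::write(&path, b"stale destination data")?;
    let dst = File::open(&path)?; // read-only handle: set_len() will fail
    truncate_suppressed(&dst, 0);
    let len_after = fs::metadata(&path)?.len();
    let reported = truncate_checked(&dst, 0).is_err();
    fs::remove_file(&path)?;
    Ok((len_after, reported))
}

fn main() -> io::Result<()> {
    let (len_after, reported) = demo()?;
    println!("stale bytes left after suppressed truncate: {len_after}");
    println!("checked truncate reported the failure: {reported}");
    Ok(())
}
```

Scripts that depend on dd for backups can guard against the silent case by comparing the destination's size or checksum with the source after the copy.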
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.018 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@ubuntu.com | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
CWE-252 Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
https://github.com/uutils/coreutils/issues/9745