CVE-2026-35377

EPSS 0.1%
Veröffentlicht 22.04.2026 16:09:12
Zuletzt bearbeitet 24.04.2026 19:06:46
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quotes are treated literally (with the exceptions of \\ and \'). However, the uutils implementation incorrectly attempts to validate these sequences, resulting in an "invalid sequence" error and an immediate process termination with an exit status of 125 when encountering valid but unrecognized sequences like \a or \x. This divergence from GNU behavior breaks compatibility for automated scripts and administrative workflows that rely on standard split-string semantics, leading to a local denial of service for those operations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Uutils ≫ Coreutils Version- SwPlatformrust

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@ubuntu.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/uutils/coreutils/pull/11512

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2026-35377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-35377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-35377

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-35377