Gnu

Coreutils

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2024-0684

  • EPSS 0.07%
  • Veröffentlicht 06.02.2024 09:15:52
  • Zuletzt bearbeitet 21.11.2024 08:47:08

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

7.8

CVE-2015-4041

Exploit
  • EPSS 0.07%
  • Veröffentlicht 24.01.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 02:30:20

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (...

9.8

CVE-2015-4042

Exploit
  • EPSS 0.39%
  • Veröffentlicht 24.01.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 02:30:20

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

4.7

CVE-2017-18018

Exploit
  • EPSS 0.06%
  • Veröffentlicht 04.01.2018 04:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:27

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a ra...

4.7

CVE-2015-1865

  • EPSS 0.08%
  • Veröffentlicht 20.09.2017 18:29:00
  • Zuletzt bearbeitet 06.08.2025 22:15:27

fts.c in coreutils 8.4 allows local users to delete arbitrary files.

6.5

CVE-2016-2781

  • EPSS 0.07%
  • Veröffentlicht 07.02.2017 15:59:00
  • Zuletzt bearbeitet 09.06.2025 16:15:25

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

7.5

CVE-2014-9471

Exploit
  • EPSS 3.09%
  • Veröffentlicht 16.01.2015 16:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date comman...

4.4

CVE-2009-4135

  • EPSS 0.03%
  • Veröffentlicht 11.12.2009 16:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

4.4

CVE-2008-1946

  • EPSS 0.07%
  • Veröffentlicht 28.07.2008 17:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.s...

3.7

CVE-2005-1039

  • EPSS 0.04%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.