Low severity3.3NVD Advisory· Published Apr 22, 2026· Updated May 4, 2026
CVE-2026-35344
CVE-2026-35344
Description
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup or migration scripts, as the utility may report a successful operation even when the destination file contains old or garbage data.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coreutilscrates.io | <= 0.8.0 | — |
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-wh8p-h9hw-x2mcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-35344ghsaADVISORY
- github.com/uutils/coreutils/issues/9745nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.