Low severity3.3NVD Advisory· Published Apr 22, 2026· Updated May 4, 2026
CVE-2026-35344
CVE-2026-35344
Description
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup or migration scripts, as the utility may report a successful operation even when the destination file contains old or garbage data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
coreutilscrates.io | <= 0.8.0 | — |
Affected products
5- osv-coords3 versions
< 0.9.0-r0+ 2 more
- (no CPE)range: < 0.9.0-r0
- (no CPE)range: < 0.9.0-r0
- (no CPE)range: <= 0.8.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-wh8p-h9hw-x2mcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-35344ghsaADVISORY
- github.com/uutils/coreutils/issues/9745nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.