rpm package
opensuse/coreutils&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/coreutils&distro=openSUSE%20Tumbleweed
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5278 | Med | 4.4 | | < 9.7-3.1 | 9.7-3.1 | May 27, 2025 | A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a cra |
| CVE-2024-0684 | — | | | < 9.4-3.1 | 9.4-3.1 | Feb 6, 2024 | A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. |
| CVE-2015-4042 | — | | | < 8.26-1.1 | 8.26-1.1 | Jan 24, 2020 | Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. |
| CVE-2015-4041 | — | | | < 8.26-1.1 | 8.26-1.1 | Jan 24, 2020 | The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and |
| CVE-2018-1063 | Med | 4.4 | | < 3.2-1.4 | 3.2-1.4 | Mar 2, 2018 | Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taki |
| CVE-2017-7476 | Cri | 9.8 | | < 8.32-8.5 | 8.32-8.5 | May 2, 2017 | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. |
| CVE-2016-7545 | Hig | 8.8 | | < 3.2-1.4 | 3.2-1.4 | Jan 19, 2017 | SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. |
| CVE-2013-0223 | — | | | < 8.26-1.1 | 8.26-1.1 | Nov 23, 2013 | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. |
| CVE-2013-0222 | — | | | < 8.26-1.1 | 8.26-1.1 | Nov 23, 2013 | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. |
| CVE-2013-0221 | — | | | < 8.26-1.1 | 8.26-1.1 | Nov 23, 2013 | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca |