VYPR

rpm package

opensuse/coreutils&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/coreutils&distro=openSUSE%20Tumbleweed

Vulnerabilities (10)

  • CVE-2025-5278MedMay 27, 2025
    affected < 9.7-3.1fixed 9.7-3.1

    A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a cra

  • CVE-2024-0684Feb 6, 2024
    affected < 9.4-3.1fixed 9.4-3.1

    A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

  • CVE-2015-4042Jan 24, 2020
    affected < 8.26-1.1fixed 8.26-1.1

    Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

  • CVE-2015-4041Jan 24, 2020
    affected < 8.26-1.1fixed 8.26-1.1

    The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and

  • CVE-2018-1063MedMar 2, 2018
    affected < 3.2-1.4fixed 3.2-1.4

    Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taki

  • CVE-2017-7476CriMay 2, 2017
    affected < 8.32-8.5fixed 8.32-8.5

    Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.

  • CVE-2016-7545HigJan 19, 2017
    affected < 3.2-1.4fixed 3.2-1.4

    SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

  • CVE-2013-0223Nov 23, 2013
    affected < 8.26-1.1fixed 8.26-1.1

    The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

  • CVE-2013-0222Nov 23, 2013
    affected < 8.26-1.1fixed 8.26-1.1

    The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

  • CVE-2013-0221Nov 23, 2013
    affected < 8.26-1.1fixed 8.26-1.1

    The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca