VYPR

Coreutils

by Uutils

cargo: coreutils

Source repositories

CVEs (44)

  • CVE-2026-35353LowApr 22, 2026
    risk 0.14cvss 3.3epss 0.00

    The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user…

  • CVE-2026-35346LowApr 22, 2026
    risk 0.14cvss 3.3epss 0.00

    The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior…

  • CVE-2026-35343LowApr 22, 2026
    risk 0.14cvss 3.3epss 0.00

    The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print…

  • CVE-2026-35342LowApr 22, 2026
    risk 0.14cvss 3.3epss 0.00

    The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be…

Page 3 of 3