VYPR
Vendor

Coreutils

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2017-18018HigJan 4, 2018
    risk 0.46cvss 7.1epss 0.00

    In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

  • CVE-2025-5278MedMay 27, 2025
    risk 0.22cvss 4.4epss 0.00

    A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a…

  • CVE-2024-0684Feb 6, 2024
    risk 0.00cvss epss 0.00

    A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

  • CVE-2018-17942HigOct 3, 2018
    risk 0.00cvss 8.8epss 0.03

    The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.

  • CVE-2005-1039May 2, 2005
    risk 0.00cvss epss 0.00

    Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.