CVE-2024-0684

2024-02-0609:15:52

CWE-787

CWE-122

fedora

web.nvd.nist.gov

cve-2024-0684

flaw

gnu coreutils

split program

heap overflow

line_bytes_split

denial of service

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

A flaw was found in the GNU coreutils “split” program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Affected configurations

Nvd

Node

gnucoreutilsMatch9.2

gnucoreutilsMatch9.3

gnucoreutilsMatch9.4

VendorProductVersionCPE
gnucoreutils9.2cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*
gnucoreutils9.3cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*
gnucoreutils9.4cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	coreutils	9.2	cpe:2.3:a:gnu:coreutils:9.2:::::::*
gnu	coreutils	9.3	cpe:2.3:a:gnu:coreutils:9.3:::::::*
gnu	coreutils	9.4	cpe:2.3:a:gnu:coreutils:9.4:::::::*

CNA Affected

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "v9.2"
      },
      {
        "status": "affected",
        "version": "v9.3"
      },
      {
        "status": "affected",
        "version": "v9.4"
      },
      {
        "status": "unaffected",
        "version": "v9.5"
      }
    ],
    "packageName": "coreutils",
    "collectionURL": "https://git.savannah.gnu.org/gitweb/?p=coreutils.git",
    "defaultStatus": "unaffected"
  }
]