CVE-2024-0684

2024-02-0609:15:52

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

cve-2024-0684

gnu coreutils

split program

heap overflow

user-controlled data

line_bytes_split function

application crash

denial of service

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A flaw was found in the GNU coreutils “split” program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Affected configurations

Nvd

Node

gnucoreutilsMatch9.2

gnucoreutilsMatch9.3

gnucoreutilsMatch9.4

VendorProductVersionCPE
gnucoreutils9.2cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*
gnucoreutils9.3cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*
gnucoreutils9.4cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	coreutils	9.2	cpe:2.3:a:gnu:coreutils:9.2:::::::*
gnu	coreutils	9.3	cpe:2.3:a:gnu:coreutils:9.3:::::::*
gnu	coreutils	9.4	cpe:2.3:a:gnu:coreutils:9.4:::::::*