Coreutils Security Vulnerabilities and Issues — Coreutils CVE List

Lucene search

GnuCoreutils

10 matches found

CVE•added 2017/02/07 3:59 p.m.•265 views

CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

6.5CVSS6.1AI score0.00065EPSS

CVE•added 2024/02/06 9:15 a.m.•98 views

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

5.5CVSS5.3AI score0.00073EPSS

CVE•added 2018/01/04 4:29 a.m.•87 views

CVE-2017-18018

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

7.1CVSS4.6AI score0.00056EPSS

CVE•added 2020/01/24 5:15 p.m.•75 views

CVE-2015-4041

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash)...

7.8CVSS9AI score0.00066EPSS

CVE•added 2015/01/16 4:59 p.m.•69 views

CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

7.5CVSS7.7AI score0.02732EPSS

CVE•added 2020/01/24 5:15 p.m.•63 views

CVE-2015-4042

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

9.8CVSS9.7AI score0.00391EPSS

CVE•added 2009/12/11 4:30 p.m.•61 views

CVE-2009-4135

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

4.4CVSS6AI score0.00032EPSS

CVE•added 2008/07/28 5:41 p.m.•51 views

CVE-2008-1946

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

4.4CVSS6.2AI score0.00069EPSS

CVE•added 2005/05/02 4:0 a.m.•44 views

CVE-2005-1039

Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.

3.7CVSS6.3AI score0.00044EPSS

CVE•added 2017/09/20 6:29 p.m.•41 views

CVE-2015-1865

fts.c in coreutils 8.4 allows local users to delete arbitrary files.

4.7CVSS4.7AI score0.00081EPSS