GnuCoreutils

10 matches found

CVE | added 2017/02/07 3:0 p.m. | 359 views

CVE-2016-2781

CVE-2016-2781: chroot in GNU coreutils, when used with --userspec, is vulnerable to local privilege escalation via a crafted TIOCSTI ioctl that injects characters into the terminal input buffer, enabling a local user to escape to the parent session. Affected component is chroot in coreutils; root...

CVSS 6.5 | AI score 6.1 | EPSS 0.00428
CVE | added 2024/02/06 8:26 a.m. | 124 views

CVE-2024-0684

CVE-2024-0684 affects GNU coreutils split. A heap overflow in line_bytes_split() can be triggered by user-controlled data of hundreds of bytes, potentially causing an application crash and denial of service. Affected: coreutils split in vulnerable versions prior to fixed release. Public details i...

CVSS 5.5 | AI score 5.3 | EPSS 0.0049
CVE | added 2018/01/04 4:0 a.m. | 104 views

CVE-2017-18018

CVE-2017-18018 affects GNU Coreutils up to version 8.29, where chown-core.c in chown/chgrp fails to prevent replacing a plain file with a symlink when using POSIX -R -L, enabling a local user to modify ownership of arbitrary files via a race. IBM/CP4S remediation applies: Cloud Pak for Security i...

CVSS 7.1 | AI score 4.6 | EPSS 0.00348
CVE | added 2020/01/24 4:59 p.m. | 86 views

CVE-2015-4041

CVE-2015-4041 affects GNU Coreutils (sort, sort.c, keycompare_mb) on 64-bit platforms. The vulnerability arises from a size calculation in keycompare_mb that does not account for the number of bytes occupied by multibyte UTF-8 characters, enabling a heap-based overflow under long UTF-8 strings an...

CVSS 7.8 | AI score 9 | EPSS 0.00522
CVE | added 2015/01/16 4:0 p.m. | 84 views

CVE-2014-9471

CVE-2014-9471 refers to a vulnerability in GNU coreutils where the parse_datetime() function can be triggered by a crafted date string (e.g., --date=TZ="123"345) to cause a crash or potentially execute arbitrary code. The initial description explicitly mentions denial of service (crash) and possi...

CVSS 7.5 | AI score 7.7 | EPSS 0.07087
CVE | added 2020/01/24 4:59 p.m. | 81 views

CVE-2015-4042

CVE-2015-4042 affects GNU Coreutils (sort) up to version 8.23, where the keycompare_mb function in sort.c uses a size calculation that does not account for multibyte characters. This can allow a specially crafted long UTF-8 string to trigger an integer overflow, potentially causing a denial of se...

CVSS 9.8 | AI score 9.7 | EPSS 0.02323
CVE | added 2009/12/11 4:0 p.m. | 75 views

CVE-2009-4135

CVE-2009-4135 affects GNU Coreutils (versions 5.2.1–8.1). The issue lies in the distcheck rule in dist-check.mk, enabling a local user to gain privileges via a symbolic-link attack to a file under /tmp. Multiple advisories confirm an insecure temporary file handling as the root cause; several fee...

CVSS 4.4 | AI score 6 | EPSS 0.00379
CVE | added 2008/07/28 5:0 p.m. | 66 views

CVE-2008-1946

The CVE-2008-1946 entry concerns GNU coreutils 5.2.1 where the default PAM config for su in /etc/pam.d/su mishandles pam_succeed_if.so, enabling any local user to switch to a locked or expired account by supplying an account name on the command line. Concrete details show the affected component (...

CVSS 4.4 | AI score 6.2 | EPSS 0.00313
CVE | added 2005/04/10 4:0 a.m. | 53 views

CVE-2005-1039

CVE-2005-1039 describes a race condition in Core Utilities (coreutils) 5.2.1. When running mkdir, mknod, or mkfifo with the -m switch, local users can modify permissions of other files. Connected sources (Red Hat, Ubuntu, Debian, OSV, NVD, etc.) reiterate the same description. The provided docume...

CVSS 3.7 | AI score 6.3 | EPSS 0.00278
CVE | added 2017/09/20 6:0 p.m. | 53 views

CVE-2015-1865

CVE-2015-1865 affects coreutils 8.4, specifically the fts.c component, enabling local users to delete arbitrary files. The provided documents state the vulnerable code path and the impact (local deletion) but do not provide any remediation, mitigation steps, or patch version details. No exploitat...

CVSS 5.1 | AI score 4.7 | EPSS 0.00248