44 matches found
CVE-2026-35360
The CVE-2026-35360 entry concerns the touch utility in uutils coreutils. A TOCTOU race occurs during file creation: when touch detects a missing path, it later calls File::create(), which uses O_TRUNC, allowing a local attacker to create a file or swap a symlink at the target path. This can cause...
CVE-2026-35351
The CVE-2026-35351 entry concerns the mv utility in uutils coreutils, where moves across filesystem boundaries do not preserve source ownership. A copy-and-delete path creates the destination with the caller’s UID/GID instead of the source metadata, potentially causing files moved by a privileged...
CVE-2026-35363
The CVE-2026-35363 entry concerns the rm utility in uutils coreutils. The issue: a path normalization bug allows bypass of safeguards for the current directory. It correctly refuses . and .. but fails to recognize equivalent paths with trailing slashes (e.g., ./ or .///). An accidental/malicious ex...
CVE-2026-35372
Affects the ln utility in uutils coreutils. A logic error causes dereferencing of the target when --no-dereference/-n is provided, previously only honoring no-dereference with --force. This can cause ln to follow a symlink pointing to a directory and create links inside that directory instead of ...
CVE-2026-35357
The CVE-2026-35357 entry concerns the cp utility in the uutils coreutils project. The vulnerability is an information-disclosure race where destination files are created with umask-derived permissions (e.g., 0644) and later tightened to the final mode (e.g., 0600). A local attacker can race to op...
CVE-2026-35364
The CVE-2026-35364 entry describes a TOCTOU race in the mv utility of the uutils coreutils project during cross-device operations. The vulnerability arises when mv removes the destination path and recreates it via a copy; a local attacker with write access to the destination directory can replace...
CVE-2026-35350
The CVE-2026-35350 entry concerns the cp utility in uutils coreutils. When using -p (preserve), if chown fails, the tool applies the source’s mode bits, potentially producing a user-owned copy with privileged bits (setuid/setgid) and violating local security policies. This behavior differs from G...
CVE-2026-35353
The CVE-2026-35353 entry concerns the mkdir utility in uutils coreutils. The root cause is that, when using -m, it creates the directory with umask-derived permissions (typically 0755) and only afterwards calls chmod to apply the requested mode, creating a brief window where a directory intended ...
CVE-2026-35355
CVE-2026-35355 concerns the install utility in uutils coreutils. The vulnerability arises from a TOCTOU race during file installation: the code unlinks an existing destination file and then recreates it via a path-based operation without using the O_EXCL flag. This creates a window where a local...
CVE-2026-35368
CVE-2026-35368 describes a local privilege-escalation in the chroot utility of uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...
CVE-2026-35378
CVE-2026-35378 affects the expr utility in uutils coreutils. A logic error causes evaluation of parenthesized subexpressions during parsing instead of execution, preventing proper short-circuiting for OR/AND. Consequently, arithmetic errors (e.g., division by zero) in dead branches are raised as ...
CVE-2026-35338
Summary: CVE-2026-35338 affects the chmod utility in the uutils coreutils package. The vulnerability arises because the implementation only checks if the target path is exactly “/” and does not canonicalize the path, allowing path variants like “/../” or symbolic links to bypass --preserve-root. ...
CVE-2026-35373
The CVE-2026-35373 issue affects the ln utility in uutils/coreutils. A logic error causes ln to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (for example, ln SOURCE... DIRECTORY). Unlike GNU ln, which treats filenames as raw bytes, the uutils implement...
CVE-2026-35345
CVE-2026-35345 concerns the tail utility in uutils coreutils. The vulnerability arises with the --follow=name option: the implementation continues watching a path after it has been replaced by a symlink and then outputs the contents of the link’s target. In environments where a privileged user mo...
CVE-2026-35349
CVE-2026-35349 affects the rm utility in uutils coreutils. The root cause is a path-string check used to identify the root directory instead of comparing device/inode numbers, allowing a symbolic link that resolves to "/" (e.g., "/tmp/rootlink -> /") to bypass --preserve-root. This can lead t...
CVE-2026-35374
The CVE concerns the split utility of uutils coreutils, where a TOCTOU race exists between a path-based check and subsequent opening with truncation. An attacker with directory write access can swap path components (e.g., via a symlink) during the race, causing split to truncate and write to an u...
CVE-2026-35341
The CVE-2026-35341 entry concerns uutils coreutils mkfifo. The vulnerability arises when mkfifo tries to create a FIFO but a file already exists at the target path; the operation for that path does not terminate and a follow-up set_permissions call executes, changing the existing file’s permissio...
CVE-2026-35352
CVE-2026-35352 affects the mkfifo utility in uutils coreutils. A TOCTOU race exists: the tool creates a FIFO and then performs a path-based chmod. A local attacker with write access to the parent directory can replace the newly created FIFO with a symbolic link between the two operations, causing...
CVE-2026-35342
CVE-2026-35342 affects the mktemp utility in the uutils coreutils project. The issue arises because the implementation does not treat an empty TMPDIR as a fallback to /tmp (unlike GNU mktemp); instead, it treats an empty string as a valid path, causing temporary files to be created in the current...
CVE-2026-35359
The CVE-2026-35359 entry describes a TOCTOU flaw in the cp utility of the uutils coreutils project. The cp command checks whether the source path is a symlink using metadata, then opens the path without O_NOFOLLOW, allowing a concurrent writer to swap a regular file for a symlink during the windo...
CVE-2026-35371
CVE-2026-35371 concerns the id utility in the uutils coreutils package. The vulnerability arises in the pretty print mode, where the tool incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This causes the output to misreport the i...
CVE-2026-35379
Affected product and component: uutils coreutils’ tr utility. Root cause: logic error causes mis-definition of character classes [:graph:] and [:print:], inadvertently including ASCII space (0x20) in [:graph:] while excluding it from [:print:], reversing standard POSIX/GNU behavior. Impact: can l...
CVE-2026-35380
CVE-2026-35380 relates to the cut utility in uutils coreutils, where a logic error causes the literal two-byte string '' to be interpreted as an empty delimiter. The implementation maps this string to the NUL character for both -d and --output-delimiter, potentially causing silent data corrup...
CVE-2026-35339
The CVE-2026-35339 entry concerns the recursive mode (-R) of uutils coreutils chmod. Affected component: chmod in uutils coreutils. Issue: exit codes are determined by the last file processed, allowing an exit code of 0 despite prior errors (e.g., Operation not permitted). Impact: scripts relying...
CVE-2026-35354
The CVE concerns the mv utility from uutils coreutils, where a TOCTOU race occurs during cross-device moves. The xattr preservation logic uses several path-based system calls that re-resolve inodes between operations, allowing a local attacker with directory write access to swap files during the ...
CVE-2026-35361
The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...
CVE-2026-35362
The CVE-2026-35362 entry concerns the safe_traversal module in uutils coreutils, which is described as failing to provide TOCTOU protections on non-Linux Unix-like systems (e.g., macOS, FreeBSD). The vulnerability, as stated, affects directory traversal operations due to the lack of these protect...
CVE-2026-35366
The CVE-2026-35366 entry concerns the printenv utility in uutils coreutils. Affected component: printenv reads environment strings and, when variables contain invalid UTF-8 byte sequences, uutils’ implementation silently skips printing them instead of showing the raw bytes. This can allow malicio...
CVE-2026-35376
A TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The code uses a fresh path lookup (fts_accpath) to resolve targets instead of binding traversal and label application to the directory state encountered during traversal, and the operations are not...
CVE-2026-35340
The CVE-2026-35340 issue affects the uutils coreutils chown and chgrp via the ChownExecutor. In recursive operations, the utilities return an exit code based solely on the last processed file; if earlier ownership/group changes failed due to permissions, they may still report success (0). This ca...
CVE-2026-35348
CVE-2026-35348 affects the sort utility in uutils coreutils. Using --files0-from with inputs containing non-UTF-8 filenames triggers a process panic because the implementation enforces UTF-8 and uses expect(), causing a crash on valid but non-UTF-8 paths. This diverges from GNU sort, which treats...
CVE-2026-35356
CVE-2026-35356 describes a TOCTOU vulnerability in the install utility of uutils coreutils when using -D. The process creates parent directories and then performs a second path resolution to create the target file, without anchoring to a directory file descriptor. A concurrent writer can repl...
CVE-2026-35358
The CVE concerns the cp utility in the uutils coreutils project. When performing recursive copies (-R), it mishandles character and block device nodes by treating them as regular stream sources instead of preserving device semantics. The implementation reads bytes into destination regular files r...
CVE-2026-35367
The CVE concerns the nohup utility from the uutils coreutils project, where nohup.out is created without explicit restricted permissions, causing it to inherit umask-based permissions (typically 0644) and become world-readable. This differs from GNU coreutils, which creates nohup.out with owner-o...
CVE-2026-35369
CVE-2026-35369 affects the kill utility in uutils coreutils. The root cause is an argument parsing error where kill -1 is treated as a request to send the default signal (SIGTERM) to PID -1, instead of recognizing -1 as a signal number. This can lead to the kernel terminating all processes visibl...
CVE-2026-35370
The CVE concerns the id utility in uutils coreutils, where the groups= output is miscalculated because it uses the real GID instead of the effective GID to build the group list. This can cause output divergence from GNU coreutils, potentially affecting scripts and automated processes that rely on...
CVE-2026-35375
CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...
CVE-2026-35365
The CVE concerns the mv utility in uutils coreutils. The issue is that during moves across filesystem boundaries, the mv implementation does not preserve symbolic links; instead, it expands them and copies the linked targets as real files/directories at the destination. According to the provided ...
CVE-2026-35344
The CVE describes a flaw in the dd utility from uutils coreutils: when truncating files, it unconditionally calls Result::ok(), suppressing errors. This behavior mirrors GNU for special files like /dev/null but also hides failures on regular files or directories caused by full disks or read-only ...
CVE-2026-35347
CVE-2026-35347 affects the uutils coreutils comm utility. The are_files_identical routine opens and reads both input paths to compare content without verifying that inputs are regular files. As a result, feeding non-regular inputs (e.g., FIFOs or pipes) drains the streams before the comparison, c...
CVE-2026-35377
The CVE-2026-35377 entry affects the uutils coreutils env utility. A logic error in handling the -S (split-string) mode causes incorrect parsing of command-line arguments; specifically, in contrast to GNU env, the implementation attempts to validate backslash sequences inside single quotes and fa...
CVE-2026-35381
CVE-2026-35381 describes a logic error in the cut utility of the uutils coreutils project. When using -z (null-terminated) and -d '' (empty delimiter) together with -s (only-delimited), the code path incorrectly routes the case to a newline-delimiter handler that does not check record suppression...
CVE-2026-35343
The issue (CVE-2026-35343) affects the uutils coreutils cut utility. When using -s with a newline delimiter, the code path in cut_fields_newline_char_delim does not verify the only_delimited flag, causing non-delimited lines to be emitted instead of suppressed. This is documented as a vulnerabili...
CVE-2026-35346
The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...