CVE-2013-0221
Published 2013-11-23
Priority P429 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.24% (93.6th percentile)
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | coreutils | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
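| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_msrc | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |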
Microsoft
CVE-2013-0221 [MEDIUM]
vendor_msrc·2020-09-08·CVSS 4.3
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2013-0221
Mariner: Mariner
Exploit Status: DOS:N/A
Remediation: coreutils
Red Hat
coreutils: segfault in "sort -d" and "sort -M" with long line input
vendor_redhat·2013-01-15·CVSS 4.3
CVE-2013-0221 [MEDIUM] CWE-391 coreutils: segfault in "sort -d" and "sort -M" with long line input
Package: coreutils (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2013-0221 [MEDIUM]: coreutils
vendor_debian·2013·CVSS 4.3
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
CVE-2013-0221 [MEDIUM] CWE-20 GHSA-x3x5-p66w-97q3
ghsa_unreviewed·2022-05-05
No detection rules found.
Bugzilla
CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 coreutils various flaws [fedora-all]
bugzilla·2013-01-24·CVSS 4.3
CVE-2013-0221 [MEDIUM] CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 coreutils various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue af
Bugzilla
CVE-2013-0221 coreutils: segfault in "sort -d" and "sort -M" with long line input
bugzilla·2013-01-24·CVSS 4.3
CVE-2013-0221 [MEDIUM] CVE-2013-0221 coreutils: segfault in "sort -d" and "sort -M" with long line input
It was reported [1] that the sort command suffered from a segfault when processing input streams that contained extremely long strings when used with the -d and -M switches. This flaw is due to the inclusion of the coreutils-i18n.patch.
SUSE has fixed this by fixing the patch. The changes can be seen here [2]. (There is probably a better place to get the patch, but I don't know where).
[1] https://bugzilla.novell.com/show_bug.cgi?id=798538
[2] https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19
Statement:
(none)
Discussion:
Created coreutils tracking bugs for this issue
Affects: fedora-all [bug 903468]
---
Thanks Vincent, but fedora-all is not
http://rhn.redhat.com/errata/RHSA-2013-1652.html
https://bugzilla.novell.com/show_bug.cgi?id=798538
https://bugzilla.redhat.com/show_bug.cgi?id=903464
https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19
Published: 2013-11-23