Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0221: Improper Input Validation in Coreutils

Severity
4.3 MEDIUM (NVD)
EPSS
6.0%
top 9.29%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Nov 23
Latest update: May 5

Description

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 4 packages

Also affects: Enterprise Linux 6.0

Patches

🔴Vulnerability Details

1
GHSA
GHSA-x3x5-p66w-97q3: The SUSE coreutils-i18n (2022-05-05)

💥Exploits & PoCs

1
Exploit-DB
GNU Coreutils 'sort' Text Utility - Local Buffer Overflow (2013-01-21)

📋Vendor Advisories

3
Microsoft
CVE-2013-0221: NIST NVD Details: https://nvd (2020-09-08)
Red Hat
coreutils: segfault in "sort -d" and "sort -M" with long line input (2013-01-15)
Debian
CVE-2013-0221: coreutils - The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attacke... (2013)

💬Community

2
Bugzilla
CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 coreutils various flaws [fedora-all] (2013-01-24)
Bugzilla
CVE-2013-0221 coreutils: segfault in "sort -d" and "sort -M" with long line input (2013-01-24)