CVE-2013-0222 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Coreutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391 — Unchecked Error Condition CWE-665 — Improper Initialization7 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 65.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Redhat Enterprise Linux Debian Coreutils +2 more

Timeline

PublishedNov 23

Latest updateMay 5

Description

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/coreutils

▶NVDopensuse/opensuse11.4, 12.1, 12.2+2

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-833h-pm7q-jw8w: The SUSE coreutils-i18n↗2022-05-05

▶

📋Vendor Advisories

Microsoft

CVE-2013-0222: NIST NVD Details: https://nvd↗2020-09-08

▶

Debian

CVE-2013-0222: coreutils - The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attacke...↗2013

▶

Red Hat

coreutils: segfault in uniq with long line input↗2012-12-31

▶

💬Community

Bugzilla

CVE-2013-0222 coreutils: segfault in uniq with long line input↗2013-01-24

▶

Bugzilla

CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 coreutils various flaws [fedora-all]↗2013-01-24

▶