CVE-2013-0223 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Coreutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391 — Unchecked Error Condition CWE-665 — Improper Initialization7 documents6 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 65.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Redhat Enterprise Linux Debian Coreutils +2 more

Timeline

PublishedNov 23

Latest updateMay 5

Description

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/coreutils

▶NVDopensuse/opensuse11.4, 12.1, 12.2+2

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Also affects: Enterprise Linux 6.0

Patches

Patch: build.opensuse.org ↗Patch: build.opensuse.org ↗

🔴Vulnerability Details

GHSA

GHSA-gqm8-m83m-qjfv: The SUSE coreutils-i18n↗2022-05-05

▶

📋Vendor Advisories

Microsoft

CVE-2013-0223: NIST NVD Details: https://nvd↗2020-09-08

▶

Red Hat

coreutils: segfault in "join -i" with long line input↗2013-01-15

▶

Debian

CVE-2013-0223: coreutils - The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attacke...↗2013

▶

💬Community

Bugzilla

CVE-2013-0221 CVE-2013-0222 CVE-2013-0223 coreutils various flaws [fedora-all]↗2013-01-24

▶

Bugzilla

CVE-2013-0223 coreutils: segfault in "join -i" with long line input↗2013-01-24

▶