CVE-2024-0684
published 2024-02-06CVE-2024-0684: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | coreutils | < coreutils 9.5-1 (forky) | coreutils 9.5-1 (forky) |
| gnu | coreutils | — | — |
| gnu | coreutils | — | — |
| gnu | coreutils | — | — |
| gnu | coreutils | >= 0 < 9.5-1 | 9.5-1 |
| gnu | coreutils | >= 0 < 9.5-1 | 9.5-1 |
| msrc | azl3_coreutils_9.4-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_coreutils_9.4-6_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.5MEDIUM