Gnu Coreutils vulnerabilities

CVE-2024-0684 [MEDIUM] CWE-122 CVE-2024-0684: A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

CVE-2015-4042 [CRITICAL] CWE-190 CVE-2015-4042: Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

CVE-2015-4041 [HIGH] CWE-787 CVE-2015-4041: The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms perfo The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-

CVE-2017-18018 [HIGH] CWE-362 CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a pla In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

CVE-2015-1865 [MEDIUM] CWE-362 CVE-2015-1865: fts.c in coreutils 8.4 allows local users to delete arbitrary files. fts.c in coreutils 8.4 allows local users to delete arbitrary files.

CVE-2014-9471 [HIGH] CVE-2014-9471: The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (c The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

CVE-2009-4135 [MEDIUM] CWE-59 CVE-2009-4135: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain pr The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

CVE-2008-1946 [MEDIUM] CWE-264 CVE-2008-1946: The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain t The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

CVE-2005-1039 [LOW] CVE-2005-1039: Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is runn Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.