GNU Coreutils
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in GNU Coreutils.
By the Year
In 2026 there have been 0 vulnerabilities in GNU Coreutils. Coreutils did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 5.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 4.70 |
It may take a day or so for new Coreutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Coreutils Security Vulnerabilities
GNU Coreutils split Heap Overflow (CVE-2024-0684)
CVE-2024-0684
5.5 - Medium
- February 06, 2024
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Heap-based Buffer Overflow
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which
CVE-2017-18018
4.7 - Medium
- January 04, 2018
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Race Condition
chroot in GNU coreutils, when used with --userspec
CVE-2016-2781
6.5 - Medium
- February 07, 2017
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Improper Input Validation
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1
CVE-2009-4135
- December 11, 2009
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GNU Coreutils or by GNU? Click the Watch button to subscribe.
