GNU Coreutils
By the Year
In 2024 there have been 1 vulnerability in GNU Coreutils with an average score of 5.5 out of ten. Coreutils did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 5.50 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Coreutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Coreutils Security Vulnerabilities
A flaw was found in the GNU coreutils "split" program
CVE-2024-0684
5.5 - Medium
- February 06, 2024
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Memory Corruption
chroot in GNU coreutils, when used with --userspec
CVE-2016-2781
6.5 - Medium
- February 07, 2017
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Improper Input Validation
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1
CVE-2009-4135
- December 11, 2009
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
insecure temporary file
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Fedora Project Fedora or by GNU? Click the Watch button to subscribe.