Описание
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| coreutils | fixed | 9.5-1 | package | |
| coreutils | not-affected | bookworm | package | |
| coreutils | not-affected | bullseye | package | |
| coreutils | not-affected | buster | package |
Примечания
https://www.openwall.com/lists/oss-security/2024/01/18/2
Introduced by: https://github.com/coreutils/coreutils/commit/40bf1591bb4362fa91e501bcec7c2029c5f65a43#diff-30bc328ab3afa0ab9f17c6e7cf1752d558ae37cf4200e95bbb04c405c2b59518L821 (v9.2)
Fixed by: https://github.com/coreutils/coreutils/commit/c4c5ed8f4e9cd55a12966d4f520e3a13101637d9 (v9.5)
Связанные уязвимости
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.