Vulnerabilities > CVE-2015-4041 - Out-of-bounds Write vulnerability in GNU Coreutils 8.23

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gnu
CWE-787
nessus

Summary

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-420.NASL
    descriptioncoreutils was updated to fix one security issue and one non-security bug. The following vulnerability was fixed : - CVE-2015-4042: Use a later version of the patch that fixed (boo#928749, CVE-2015-4041), also avoiding I18N issue The following bug was fixed : - boo#933396: adjust reference to info nodes in man pages
    last seen2020-06-05
    modified2015-06-15
    plugin id84186
    published2015-06-15
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84186
    titleopenSUSE Security Update : coreutils / coreutils-testsuite (openSUSE-2015-420)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1637-1.NASL
    descriptionThis update for coreutils provides the following fixes : - Fix memory handling error with case insensitive sort using UTF-8. (CVE-2015-4041, CVE-2015-4042) - Ensure
    last seen2020-06-01
    modified2020-06-02
    plugin id86184
    published2015-09-28
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86184
    titleSUSE SLED12 / SLES12 Security Update : coreutils (SUSE-SU-2015:1637-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1374.NASL
    descriptionAccording to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.(CVE-2015-4041) - Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.(CVE-2015-4042) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-15
    plugin id135503
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135503
    titleEulerOS 2.0 SP3 : coreutils (EulerOS-SA-2020-1374)