Vulnerabilities > CVE-2024-0684 - Out-of-bounds Write vulnerability in GNU Coreutils 9.2/9.3/9.4

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

gnu

CWE-787

NVD

Published: 2024-02-06

Updated: 2024-02-14

Summary

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Coreutils 9.2 GNU Coreutils 9.3 GNU Coreutils 9.4	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://access.redhat.com/security/cve/CVE-2024-0684
https://bugzilla.redhat.com/show_bug.cgi?id=2258948
https://www.openwall.com/lists/oss-security/2024/01/18/2