Vulnerabilities > CVE-2024-0684 - Out-of-bounds Write vulnerability in GNU Coreutils 9.2/9.3/9.4
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/security/cve/CVE-2024-0684
- https://access.redhat.com/security/cve/CVE-2024-0684
- https://bugzilla.redhat.com/show_bug.cgi?id=2258948
- https://bugzilla.redhat.com/show_bug.cgi?id=2258948
- https://security.netapp.com/advisory/ntap-20240808-0001/
- https://www.openwall.com/lists/oss-security/2024/01/18/2
- https://www.openwall.com/lists/oss-security/2024/01/18/2