CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
fedoraCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
gnucoreutils
9.2
gnucoreutils
9.3
gnucoreutils
9.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
coreutils
bullseye
8.32-4
not-affected
bookworm
9.1-1
not-affected
buster
not-affected
sid
9.7-2
fixed
trixie
9.7-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
coreutils
noble
not-affected
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2024-0684
https://bugzilla.redhat.com/show_bug.cgi?id=2258948
https://www.openwall.com/lists/oss-security/2024/01/18/2
https://access.redhat.com/security/cve/CVE-2024-0684
https://bugzilla.redhat.com/show_bug.cgi?id=2258948
https://security.netapp.com/advisory/ntap-20240808-0001/
https://www.openwall.com/lists/oss-security/2024/01/18/2