CVE-2024-0684 - A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of

CVE-2024-0684

Summary

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

References

https://access.redhat.com/security/cve/CVE-2024-0684
https://bugzilla.redhat.com/show_bug.cgi?id=2258948
https://www.openwall.com/lists/oss-security/2024/01/18/2

Vulnerable Configurations

cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

14-02-2024 - 00:26

Published

06-02-2024 - 09:15

Last modified

14-02-2024 - 00:26