Common Weakness Enumeration

CWE-684

Allowed-with-Review

Incorrect Provision of Specified Functionality

Abstraction: Class · Status: Draft

The code does not function according to its published specifications, potentially leading to incorrect usage.

53 vulnerabilities reference this CWE, most recent first.

GHSA-445C-VH5M-36RJ

Vulnerability from github – Published: 2026-04-10 18:31 – Updated: 2026-04-14 00:13
VLAI
Summary
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
Details

Apache Log4j Core's Rfc5424Layout, in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.

Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:

  • The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.
  • The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.

Users of the SyslogAppender are not affected, as its configuration attributes were not modified.

Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.logging.log4j:log4j-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.21.0"
            },
            {
              "fixed": "2.25.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.logging.log4j:log4j-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0-beta1"
            },
            {
              "last_affected": "3.0.0-beta3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-117",
      "CWE-684"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-14T00:13:29Z",
    "nvd_published_at": "2026-04-10T16:16:31Z",
    "severity": "MODERATE"
  },
  "details": "Apache Log4j Core\u0027s [`Rfc5424Layout`](https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout), in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\n\nTwo distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:\n\n  *  The `newLineEscape` attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\n  *  The `useTlsMessageFormat` attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\n\nUsers of the `SyslogAppender` are not affected, as its configuration attributes were not modified.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.",
  "id": "GHSA-445c-vh5m-36rj",
  "modified": "2026-04-14T00:13:29Z",
  "published": "2026-04-10T18:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34478"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/logging-log4j2/pull/4074"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/logging-log4j2"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt"
    },
    {
      "type": "WEB",
      "url": "https://logging.apache.org/cyclonedx/vdr.xml"
    },
    {
      "type": "WEB",
      "url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout"
    },
    {
      "type": "WEB",
      "url": "https://logging.apache.org/security.html#CVE-2026-34478"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/10/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility"
}

GHSA-4RCQ-JV2F-898J

Vulnerability from github – Published: 2020-05-08 19:05 – Updated: 2024-10-16 21:01
VLAI
Summary
Incorrect Provision of Specified Functionality in qutebrowser
Details

Description

After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false which is not recommended), this could still provide a false sense of security.

Affected versions and patches

All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested.

The issue is fixed in qutebrowser v1.11.1 (pending release) and v1.12.0 (unreleased). Backported patches for older versions are available, but no further releases are planned.

Mitigation

If you are unable to upgrade:

  • Treat any host with a certificate exception as insecure, ignoring the URL color
  • Or set content.ssl_strict to True (instead of 'ask'), preventing certificate exceptions

References

  • qutebrowser issue: https://github.com/qutebrowser/qutebrowser/issues/5403
  • Fix (master branch): https://github.com/qutebrowser/qutebrowser/commit/021ab572a319ca3db5907a33a59774f502b3b975
  • Related issue for KDE Falkon: https://bugs.kde.org/show_bug.cgi?id=420902
  • Related issue for eric6 Web Browser: https://tracker.die-offenbachs.homelinux.org/eric/issue328 (fixed in eric6 20.6)
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "qutebrowser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-11054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-05-08T19:04:30Z",
    "nvd_published_at": "2020-05-07T21:15:00Z",
    "severity": "LOW"
  },
  "details": "# Description\n\nAfter a certificate error was overridden by the user, qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (`colors.statusbar.url.success_https`). While the user already has seen a certificate error prompt at this point (or set `content.ssl_strict` to `false` which is not recommended), this could still provide a false sense of security.\n\n# Affected versions and patches\n\nAll versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn\u0027t be tested.\n\nThe issue is fixed in qutebrowser v1.11.1 (pending release) and v1.12.0 (unreleased). Backported patches for older versions are available, but no further releases are planned.\n\n# Mitigation\n\nIf you are unable to upgrade:\n\n- Treat any host with a certificate exception as insecure, ignoring the URL color\n- Or set `content.ssl_strict` to `True` (instead of `\u0027ask\u0027`), preventing certificate exceptions\n\n# References\n\n- qutebrowser issue: https://github.com/qutebrowser/qutebrowser/issues/5403\n- Fix (master branch): https://github.com/qutebrowser/qutebrowser/commit/021ab572a319ca3db5907a33a59774f502b3b975\n- Related issue for KDE Falkon: https://bugs.kde.org/show_bug.cgi?id=420902\n- Related issue for eric6 Web Browser: https://tracker.die-offenbachs.homelinux.org/eric/issue328 (fixed in eric6 20.6)",
  "id": "GHSA-4rcq-jv2f-898j",
  "modified": "2024-10-16T21:01:54Z",
  "published": "2020-05-08T19:05:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11054"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/issues/5403"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/021ab572a319ca3db5907a33a59774f502b3b975"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/19f01bb42d02da539446a52a25bb0c1232b86327"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/1b7946ed14b386a24db050f2d6dba81ba6518755"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/2281a205c3e70ec20f35ec8fafecee0d5c4f3478"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/4020210b193f77cf1785b21717f6ef7c5de5f0f8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/6821c236f9ae23adf21d46ce0d56768ac8d0c467"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/9bd1cf585fccdfe8318fff7af793730e74a04db3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/a45ca9c788f648d10cccce2af41405bf25ee2948"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/d28ed758d077a5bf19ddac4da468f7224114df23"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qutebrowser/qutebrowser/commit/f5d801251aa5436aff44660c87d7013e29ac5864"
    },
    {
      "type": "WEB",
      "url": "https://tracker.die-offenbachs.homelinux.org/eric/issue328"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKAZOOTJ2MBHTYVYQQ52NL53F5CB2XAP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7YWJ5QNHXKTGG5NLV7EGEOKPBVZBA5GS"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/qutebrowser/qutebrowser"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/qutebrowser/PYSEC-2020-97.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect Provision of Specified Functionality in qutebrowser"
}

GHSA-532V-XP3F-837C

Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-07-06 21:54
VLAI
Summary
Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-pmfc-4wjj-gmhx. This link is maintained to preserve external references.

Original Description

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code path that fails to check the record suppression status. Consequently, uutils cut emits the entire record plus a NUL byte instead of suppressing it. This divergence from GNU coreutils behavior creates a data integrity risk for automated pipelines that rely on cut -s to filter out undelimited data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-30T18:05:52Z",
    "nvd_published_at": "2026-04-22T17:16:43Z",
    "severity": "LOW"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pmfc-4wjj-gmhx. This link is maintained to preserve external references.\n\n### Original Description\nA logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d \u0027\u0027 (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code path that fails to check the record suppression status. Consequently, uutils cut emits the entire record plus a NUL byte instead of suppressing it. This divergence from GNU coreutils behavior creates a data integrity risk for automated pipelines that rely on cut -s to filter out undelimited data.",
  "id": "GHSA-532v-xp3f-837c",
  "modified": "2026-07-06T21:54:21Z",
  "published": "2026-04-22T18:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/11394"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/483f13e91830c468262aa1e010e753d6ae99c898"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.8.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility",
  "withdrawn": "2026-07-06T21:54:21Z"
}

GHSA-58JQ-VJFQ-8V45

Vulnerability from github – Published: 2024-10-11 15:30 – Updated: 2024-10-11 15:30
VLAI
Details

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-11T13:15:16Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2 It was possible for guest users to disclose project templates using the API.",
  "id": "GHSA-58jq-vjfq-8v45",
  "modified": "2024-10-11T15:30:32Z",
  "published": "2024-10-11T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5005"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2501461"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-863H-C4V7-H5FV

Vulnerability from github – Published: 2025-11-28 09:30 – Updated: 2025-11-28 09:30
VLAI
Details

app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-28T07:15:59Z",
    "severity": "HIGH"
  },
  "details": "app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.",
  "id": "GHSA-863h-c4v7-h5fv",
  "modified": "2025-11-28T09:30:17Z",
  "published": "2025-11-28T09:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66384"
    },
    {
      "type": "WEB",
      "url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87HW-Q9CH-HCVH

Vulnerability from github – Published: 2025-07-05 03:30 – Updated: 2025-07-05 03:30
VLAI
Details

The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-05T02:15:21Z",
    "severity": "MODERATE"
  },
  "details": "The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello.",
  "id": "GHSA-87hw-q9ch-hcvh",
  "modified": "2025-07-05T03:30:23Z",
  "published": "2025-07-05T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58254"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustls/rustls/issues/2227"
    },
    {
      "type": "WEB",
      "url": "https://crates.io/crates/rustls"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0399.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PGC-2J25-RWG6

Vulnerability from github – Published: 2025-07-25 06:30 – Updated: 2025-07-25 06:30
VLAI
Details

Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54568"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T04:16:13Z",
    "severity": "LOW"
  },
  "details": "Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node.",
  "id": "GHSA-8pgc-2j25-rwg6",
  "modified": "2025-07-25T06:30:30Z",
  "published": "2025-07-25T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54568"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/Akamai/blob/main/Edge%20Hopping.md"
    },
    {
      "type": "WEB",
      "url": "http://techdocs.akamai.com/app-api-protector/docs/improved-rate-accounting"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94JG-W625-JQ92

Vulnerability from github – Published: 2026-05-07 03:31 – Updated: 2026-05-07 03:31
VLAI
Details

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-07T01:16:01Z",
    "severity": "LOW"
  },
  "details": "Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.",
  "id": "GHSA-94jg-w625-jq92",
  "modified": "2026-05-07T03:31:21Z",
  "published": "2026-05-07T03:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44597"
    },
    {
      "type": "WEB",
      "url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/8f98054b1982d00a14639864d03e9afd90b87481"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C2Q6-W8RJ-WVHW

Vulnerability from github – Published: 2025-07-25 03:30 – Updated: 2025-07-25 03:30
VLAI
Details

hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-25T03:15:33Z",
    "severity": "MODERATE"
  },
  "details": "hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.",
  "id": "GHSA-c2q6-w8rj-wvhw",
  "modified": "2025-07-25T03:30:27Z",
  "published": "2025-07-25T03:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54567"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FHR3-XH3Q-69W6

Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-04-30 18:04
VLAI
Summary
uutils coreutils has an Incorrect Provision of Specified Functionality Issue
Details

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the standard behavior established by POSIX and GNU coreutils. This vulnerability leads to unintended data modification or loss when the utility is used in automated scripts or data-cleaning pipelines that rely on standard character class semantics. For example, a command executed to delete all graphical characters while intending to preserve whitespace will incorrectly delete all ASCII spaces, potentially resulting in data corruption or logic failures in downstream processing.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35379"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-684"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-30T18:04:14Z",
    "nvd_published_at": "2026-04-22T17:16:42Z",
    "severity": "LOW"
  },
  "details": "A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the standard behavior established by POSIX and GNU coreutils. This vulnerability leads to unintended data modification or loss when the utility is used in automated scripts or data-cleaning pipelines that rely on standard character class semantics. For example, a command executed to delete all graphical characters while intending to preserve whitespace will incorrectly delete all ASCII spaces, potentially resulting in data corruption or logic failures in downstream processing.",
  "id": "GHSA-fhr3-xh3q-69w6",
  "modified": "2026-04-30T18:04:14Z",
  "published": "2026-04-22T18:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35379"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/pull/11405"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/commit/358063f3367cb23a1e5db314cfdbfeb607749b3d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/releases/tag/0.8.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "uutils coreutils has an Incorrect Provision of Specified Functionality Issue"
}

Mitigation
Implementation

Ensure that your code strictly conforms to specifications.

No CAPEC attack patterns related to this CWE.