mailing list archives
Re: CVE request for a bug in gnu coreutils 8.22
From: Marcus Meissner <meissner () suse de>
Date: Fri, 14 Mar 2014 20:17:24 +0100
Can this be used in any form where people will put in untrusted data?
In my feeling ... not really.
On Fri, Mar 14, 2014 at 11:35:40PM +0800, Qixue Xiao wrote:
I am not sure whether this needs a CVE.
this bug will result an illegal memory access, which may be leak
information without authority.
and the author had fixed it after my report.
### Bug overview
shuf -er or shuf -eer [ segment fault]
impact [coreutils 8.22 ]
[15:03:59]xqx <at> server:~/data/xqx/projects/coreutils-8.22$
Segmentation fault (core dumped)