Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request for a bug in gnu coreutils 8.22
From: Marcus Meissner <meissner () suse de>
Date: Fri, 14 Mar 2014 20:17:24 +0100


Can this be used in any form where people will put in untrusted data?

In my feeling ... not really.

Ciao, Marcus
On Fri, Mar 14, 2014 at 11:35:40PM +0800, Qixue Xiao wrote:
I am not sure whether this needs a CVE.

this bug will result an illegal memory access, which may be leak
information without authority.

and the author had fixed it after my report.

please see:

### Bug overview

    shuf -er or shuf -eer [ segment fault]
    impact [coreutils 8.22 ]

[15:03:59]xqx <at> server:~/data/xqx/projects/coreutils-8.22$
./obj-gcov/src/shuf -er
Segmentation fault (core dumped)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]