Bugzilla – Bug 1218982
VUL-0: CVE-2024-0684: coreutils: coreutils: heap overflow in split --line-bytes with very long lines
Last modified: 2024-02-12 12:25:01 UTC
Since coreutils 9.2
https://github.com/coreutils/coreutils/commit/40bf1591b
introduced a heap overflow issue, which can be triggered like:

  { printf '%131070s\n' ''; printf 'x\n'; printf '%131071s\n' ''; } > in
  split -C 131072 ---io=131072 in

That will dump core, but as with all heap overflows is a potential security issue.
I'll leave it up to you to determine whether a CVE is required.
There is already a patch upstream, but it's not flagged as a security issue, in an abundance of caution, in case this issue is more security sensitive than first envisaged.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0684
https://bugzilla.redhat.com/show_bug.cgi?id=2258948

Patch:
https://github.com/coreutils/coreutils/commit/c4c5ed8f4.patch
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/coreutils 9.4 @ src/split.c:803,823
- openSUSE:Factory/coreutils 9.4 @ src/split.c:803,823
*** Bug 1218890 has been marked as a duplicate of this bug. ***
Created attachment 872656
Reproducer

The above reproducer is a TAR archive. To use it you only have to gunzip the file and do the following steps:

1. Download the latest Tumbleweed version or install ALP.

   podman pull registry.opensuse.org/opensuse/tumbleweed

2. Download the reproducer

3. Run the podman container with access to the reproducer.

   podman run -it -v ~/reproducer:/reproducer opensuse/tumbleweed:latest /bin/bash

4. Inside the container run the split command

   cd /reproducer/
   split -C 1024 ./split_me
   malloc(): corrupted top size
   Aborted (core dumped)

The latest Tumbleweed version has the fix already.
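The reproducer from the bug description, wrapped as a local check that runs in a temporary directory and reports how split exited. This is an added example, not part of the original report; the function names and the `--run` switch are assumptions of the example.

```sh
#!/bin/sh
# Added example: local check built from the reproducer in the bug description.
# Function names and the --run switch are assumptions of this example.

# Emit the three lines from the report: 131070 spaces, "x", 131071 spaces.
make_input() {
    printf '%131070s\n' ''
    printf 'x\n'
    printf '%131071s\n' ''
}

# Map an exit status of split to a verdict.
# Shells report death by signal N as 128+N (134 = SIGABRT, 139 = SIGSEGV).
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "no-crash"
    elif [ "$1" -gt 128 ]; then
        echo "crash-signal-$(( $1 - 128 ))"
    else
        echo "error-exit-$1"
    fi
}

# Run the reproducer in a throwaway directory and print the verdict.
check_split() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        make_input > in
        split -C 131072 ---io=131072 in >/dev/null 2>&1
    )
    status=$?
    rm -rf "$dir"
    classify_status "$status"
}

# Only run against the installed split when asked to.
if [ "${1:-}" = "--run" ]; then
    split --version 2>/dev/null | head -n 1
    check_split
fi
```

A `no-crash` verdict only says that this input did not abort this build of split; confirm the result against the fixed package version for your distribution.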
This is an autogenerated message for OBS integration: This bug (1218982) was mentioned in https://build.opensuse.org/request/show/1146149 Factory / coreutils