A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the linebytessplit() function, potentially leading to an application crash and denial of service.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/0xxx/CVE-2024-0684.json",
"cna_assigner": "fedora",
"cwe_ids": [
"CWE-122"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "v9.2"
},
{
"last_affected": "v9.2"
},
{
"introduced": "v9.3"
},
{
"last_affected": "v9.3"
},
{
"introduced": "v9.4"
},
{
"last_affected": "v9.4"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": [
"cpe:2.3:a:gnu:coreutils:9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:gnu:coreutils:9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:gnu:coreutils:9.4:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "9.2"
},
{
"last_affected": "9.2"
},
{
"introduced": "9.3"
},
{
"last_affected": "9.3"
},
{
"introduced": "9.4"
},
{
"last_affected": "9.4"
}
],
"source": "CPE_STRING"
}