CVE-2013-0221

Name of the Vulnerable Software and Affected Versions GNU coreutils (affected versions not specified)

Description The issue allows context-dependent attackers to cause a denial of service, resulting in a segmentation fault and crash, via a long string to the sort command when using the -d or -M switch. This triggers a stack-based buffer overflow in the alloca function. The vulnerability exists due to insufficient input validation in the sort utility of GNU Core Utilities, which can be exploited by a remote attacker to cause a denial of service by entering a long string as an argument for sort with the additional parameters -d or -M.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.