PT-2020-7842 · Gnu+2 · Gnu Coreutils+2

Forgotten User Vlqif8Xtne

Published

2015-07-05

Updated

2024-06-15

CVE-2015-4041

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: GNU Coreutils versions through 8.23

Description: The issue arises from a size calculation error in the keycompare mb function, specifically when handling multibyte characters in UTF-8 strings on 64-bit platforms. This error can lead to a denial of service, resulting in a heap-based buffer overflow and application crash. It may also have other unspecified impacts when processing long UTF-8 strings.

Recommendations: For GNU Coreutils versions through 8.23, update to a version that addresses this issue to prevent potential denial of service or other unspecified impacts.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2015-1847

CVE-2015-4041

MGASA-2015-0259

OPENSUSE-SU-2024:10390-1

SUSE-SU-2015:1637-1

SUSE-SU-2015_1637-1

Affected Products

Alt Linux

Gnu Coreutils

Suse

PT-2020-7842 · Gnu+2 · Gnu Coreutils+2

CVE-2015-4041

Weakness Enumeration

Related Identifiers

Affected Products

References · 23