CVE-2024-0684

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU Coreutils versions prior to 9.4-3.1

Description A heap overflow issue exists in the split program within GNU Coreutils. The flaw is located in the line bytes split() function (src/split.c) and occurs when processing long lines, specifically when using the --line-bytes or -C option. This can lead to an application crash and a denial of service. The issue was identified during analysis of failures when using the split utility to process data transmitted via QR codes. The overflow involves user-controlled data of several hundred bytes in length.

Recommendations Update GNU Coreutils to version 9.4-3.1 or later.

Exploit

Fix

DoS

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

AZL-34629

BDU:2024-00722

CVE-2024-0684

OPENSUSE-SU-2024:13618-1

ROSA-SA-2025-2611

Affected Products

Gnu Coreutils

Red Os

CVE-2024-0684

Weakness Enumeration

Related Identifiers

Affected Products

References · 41