Fluid Attacks Database

Description

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	coreutils	-	-
rpm rhel6	coreutils	<0:8.4-31.el6	0:8.4-31.el6

Aliases

1. CVE-2013-02212. NVD-2013-02213. OSV-2013-0221

References

1. https://www.exploit-db.com/exploits/38232

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.