A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

A stack-based buffer overflow is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | coreutils-0:9.5-8.el10_2 | * |
| Red Hat Enterprise Linux 9 | RedHat | coreutils-0:8.32-41.el9_8 | * |
| Red Hat Discovery 2 | RedHat | discovery/discovery-ui-rhel9:1782756541 | * |
| Red Hat Insights proxy 1.5 | RedHat | insights-proxy/insights-proxy-container-rhel9:1782890503 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-gateway-opa-rhel9:1782501180 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-gateway-rhel9:1782501200 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-jaeger-query-rhel9:1782498923 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-operator-bundle:1782510941 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-query-rhel9:1782501220 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-rhel9:1782501196 | * |
| Red Hat OpenShift distributed tracing 3.10.1 | RedHat | rhosdt/tempo-rhel9-operator:1782501195 | * |
| Coreutils | Ubuntu | esm-infra/xenial | * |
| Coreutils | Ubuntu | focal | * |
| Coreutils | Ubuntu | oracular | * |
| Coreutils | Ubuntu | plucky | * |