top | item 45692006

(no title)

collinfunk | 4 months ago

Minor correction, but that bug was never in any "official" coreutils release. The bug was in a multi-byte character patch that many distributions use (and still use). There have been other CVEs in that patch [1].

But the worst you can do is crash 'sort' with that. Note that uutils also has crashes. Here is one due to unbounded recursion:

  $ ./target/release/coreutils mkdir -p `python3 -c 'print("./" + "a/" * 32768)'`
  Segmentation fault (core dumped)

Not saying that both issues don't deserve fixing. But I wouldn't really panic over either of them.

[1] https://lwn.net/Articles/535735/

discuss

No comments yet.