The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | 3.0.0-3.9.25 |