CVE-2015-4041

Published: 1/24/2020 Last updated: 8/6/2024 Reserved: 5/19/2015

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (5)

conf-timeout fstar karamel kremlin liquidsoap

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= 4.9.*

References (6)

http://openwall.com/lists/oss-security/2015/05/15/1
https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
https://bugzilla.suse.com/show_bug.cgi?id=928749
http://openwall.com/lists/oss-security/2015/05/15/1
https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
https://bugzilla.suse.com/show_bug.cgi?id=928749