GNU bug report logs - #78507
[Security] Heap Buffer Overflow in GNU Coreutils sort (CWE-122)

Reported by: Med Maatallah <hotelsmaatallahrecemail <at> gmail.com>

Date: Tue, 20 May 2025 11:47:02 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

View this message in rfc822 format

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Pádraig Brady <P <at> draigBrady.com>, Med Maatallah <hotelsmaatallahrecemail <at> gmail.com>, 78507 <at> debbugs.gnu.org
Subject: bug#78507: [Security] Heap Buffer Overflow in GNU Coreutils sort (CWE-122)
Date: Tue, 20 May 2025 11:24:04 -0700

On 2025-05-20 10:15, Pádraig Brady wrote:

> The attached patch addresses the issue here,
> and includes a test verified to trigger with ASAN or valgrind available.

Thanks. A nit: the patch doesn't include the change to NEWS.

This bug report was last modified 26 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #78507 [Security] Heap Buffer Overflow in GNU Coreutils sort (CWE-122)

GNU bug report logs - #78507
[Security] Heap Buffer Overflow in GNU Coreutils sort (CWE-122)