Your submission was sent successfully! Close

CVE-2015-4042

Published: 24 January 2020

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
coreutils
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940

Notes

AuthorNote
mdeslaur
Ubuntu doesn't contain the i18n patch

References