Denial of Service Vulnerability in GNU Coreutils by Remote Attackers
CVE-2014-9471

Currently unrated

Key Information:

Vendor: Gnu
Status: Coreutils
Vendor: CVE Published:; 16 January 2015

Summary

The parse_datetime function in GNU Coreutils is susceptible to exploitation by remote attackers who can deliver crafted date strings to cause a denial of service or potentially execute arbitrary code. An example exploit involves manipulating the command-line arguments for tools like touch or date, leading to unexpected behavior or program crashes. Organizations using GNU Coreutils should ensure they are running the latest version to mitigate risks associated with this vulnerability.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://advisories.mageia.org/MGASA-2015-0029.html

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/11/25/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jan 16, 2015
Vulnerability Reserved
Jan 3, 2015