cve/2024/CVE-2024-0684.md

CVE-2024-0684

Description

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

POC

Reference

• https://www.openwall.com/lists/oss-security/2024/01/18/2
• https://www.openwall.com/lists/oss-security/2024/01/18/2

Github

• https://github.com/Valentin-Metz/writeup_split
• https://github.com/fkie-cad/nvd-json-data-feeds
• https://github.com/jiayy/android_vuln_poc-exp
• https://github.com/nomi-sec/PoC-in-GitHub