CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-67hp-f6hq-2h6g: Duplicate Advisory: uutils coreutils Uses Incorrectly-Resolved Name or Reference

mediumCVSS 4.4
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8vrf-r662-2w2v. This link is maintained to preserve external references. Original Description The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are destroyed (e.g., /dev/null becomes a regular file). This behavior can lead to runtime denial of service through disk exhaustion or process hangs when reading from unbounded device nodes.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 4.4
Published
2026-04-22
Last updated
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-67hp-f6hq-2h6g

More from GitHub Security Advisories