CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-7259-cwhx-3xx3: Duplicate Advisory: uutils coreutils has an Improper Check for Unusual or Exceptional Conditions

mediumCVSS 4.4
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p7h3-7q52-72w8. This link is maintained to preserve external references. Original Description The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows malicious environment variables (e.g., adversarial LD_PRELOAD values) to evade inspection by administrators or security auditing tools, potentially allowing library injection or other environment-based attacks to go undetected.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 4.4
Published
2026-04-22
Last updated
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-7259-cwhx-3xx3

More from GitHub Security Advisories