uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup or migration scripts, as the utility may report a successful operation even when the destination file contains old or garbage data.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

未加检查的返回值

uutils coreutils 安全漏洞

uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞，该漏洞源于dd实用程序通过无条件调用Result::ok来抑制文件截断操作期间的错误，虽然旨在模仿GNU对特殊文件的行为，但uutils实现也隐藏了常规文件和目录上因磁盘已满或只读文件系统引起的故障，可能导致备份或迁移脚本中的静默数据损坏，因为实用程序可能报告操作成功，即使目标文件包含旧数据或垃圾数据。

N/A

N/A