漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization
Vulnerability Description
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, which processes raw bytes and preserves the original input. This results in corrupted output when the utility is used to compare binary files or files using non-UTF-8 legacy encodings.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Unicode编码处理不恰当
Vulnerability Title
uutils coreutils 安全漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在安全漏洞,该漏洞源于comm实用程序通过对所有输出行执行有损UTF-8转换来静默损坏数据,实现使用String::from_utf8_lossy,将无效UTF-8字节序列替换为Unicode替换字符,此行为与处理原始字节并保留原始输入的GNU comm不同,当实用程序用于比较二进制文件或使用非UTF-8遗留编码的文件时,会导致输出损坏。
CVSS Information
N/A
Vulnerability Type
N/A