uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows malicious environment variables (e.g., adversarial LD_PRELOAD values) to evade inspection by administrators or security auditing tools, potentially allowing library injection or other environment-based attacks to go undetected.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

对因果或异常条件的不恰当检查

uutils coreutils 代码问题漏洞

uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在代码问题漏洞，该漏洞源于printenv无法显示包含无效UTF-8字节序列的环境变量，可能导致恶意环境变量逃避管理员或安全审计工具检查。

N/A

N/A