Uutils — Vulnerabilities & Security Advisories (44)

Browse all 44 CVE security advisories affecting Uutils. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Uutils provides a comprehensive suite of core Unix utilities, including ls, cat, and grep, implemented in Rust for cross-platform compatibility. This software serves as a critical dependency for many Linux distributions and development environments, aiming to replace traditional GNU coreutils. Historically, the project has faced 44 recorded Common Vulnerabilities and Exposures, predominantly involving buffer overflows, integer overflows, and improper input validation within parsing logic. These flaws frequently lead to remote code execution or denial-of-service conditions, particularly when processing malformed file inputs or command-line arguments. While no major widespread incidents have been publicly documented beyond standard patch cycles, the high volume of CVEs highlights persistent challenges in memory safety despite Rust’s inherent protections. Security audits often reveal edge-case failures in argument parsing and file handling, necessitating rigorous regression testing to maintain system integrity across diverse operating systems.

Top products by Uutils: coreutils
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35381 | uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering | coreutils | CWE-684 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35380 | uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing | coreutils | CWE-20 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-35379 | uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling | coreutils | CWE-684 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35378 | uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions | coreutils | CWE-768 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35377 | uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode | coreutils | CWE-20 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35376 | uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition | coreutils | CWE-367 | 4.5 | Medium | 2026-04-22 |
| CVE-2026-35375 | uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding | coreutils | CWE-176 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35374 | uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition | coreutils | CWE-367 | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35373 | uutils coreutils ln Local Denial of Service via Improper Handling of Non-UTF-8 Filenames | coreutils | CWE-176 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35372 | uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag | coreutils | CWE-61 | 5.0 | Medium | 2026-04-22 |
| CVE-2026-35371 | uutils coreutils id Misleading Identity Reporting in Pretty Print Mode | coreutils | CWE-451 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35370 | uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership | coreutils | CWE-863 | 4.4 | Medium | 2026-04-22 |
| CVE-2026-35369 | uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation | coreutils | CWE-20 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-35368 | uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection | coreutils | CWE-426 | 7.2 | High | 2026-04-22 |
| CVE-2026-35367 | uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions | coreutils | CWE-732 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35366 | uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement | coreutils | CWE-754 | 4.4 | Medium | 2026-04-22 |
| CVE-2026-35365 | uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion | coreutils | CWE-59 | 6.6 | Medium | 2026-04-22 |
| CVE-2026-35364 | uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition | coreutils | CWE-367 | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35363 | uutils coreutils rm Safeguard Bypass via Improper Path Normalization | coreutils | CWE-22 | 5.6 | Medium | 2026-04-22 |
| CVE-2026-35362 | uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module | coreutils | CWE-367 | 3.6 | Low | 2026-04-22 |
| CVE-2026-35361 | uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems | coreutils | CWE-281 | 3.4 | Low | 2026-04-22 |
| CVE-2026-35360 | uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition | coreutils | CWE-367 | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35359 | uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap | coreutils | CWE-367 | 4.7 | Medium | 2026-04-22 |
| CVE-2026-35358 | uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading | coreutils | CWE-706 | 4.4 | Medium | 2026-04-22 |
| CVE-2026-35357 | uutils coreutils cp Information Disclosure via Permission Handling Race | coreutils | CWE-367 | 4.7 | Medium | 2026-04-22 |
| CVE-2026-35356 | uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race | coreutils | CWE-367 | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35355 | uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race | coreutils | CWE-367 | 6.3 | Medium | 2026-04-22 |
| CVE-2026-35354 | uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device | coreutils | CWE-367 | 4.7 | Medium | 2026-04-22 |
| CVE-2026-35353 | uutils coreutils mkdir Permission Exposure Race Condition with -m | coreutils | CWE-367 | 3.3 | Low | 2026-04-22 |
| CVE-2026-35352 | uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition | coreutils | CWE-367 | 7.0 | High | 2026-04-22 |

This page lists every published CVE security advisory associated with Uutils. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.