CVE-2016-2781 | coreutils (CWE-20)

[yeyisan]

A low severity vulnerability has been discovered in your project.

Project Name: Node

Scanner Name: trivy

Cwe ID: 20

Cwe Name: Improper Input Validation

Cwe Link: https://cwe.mitre.org/data/definitions/20.html

CVE ID: CVE-2016-2781

Target: redis:latest (debian 11.3)

Packages:

• coreutils : 8.32-4 - Fixed Version:

References:

• http://seclists.org/oss-sec/2016/q1/452
• http://www.openwall.com/lists/oss-security/2016/02/28/2
• http://www.openwall.com/lists/oss-security/2016/02/28/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://lore.kernel.org/patchwork/patch/793178/

Tool Description: chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Custom Description: bbb

[yeyisan]

The issue has been closed by Kondukto since it is marked as won't fix.

[yeyisan]

The issue has been reopened by Kondukto since its won't fix status has been removed.

[yeyisan]

test

[yeyisan]

noonono