CVE-2015-4041: Denial of service (heap-based buffer overflow and application crash) in GNU Coreutils

Brocade Fabric OS

21240

13 September 2022

13 September 2022

Closed

Low

Base Score: 7.8 HIGH (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

N/A

CVE-2015-4041

Summary

Security Advisory ID: BSA-2022-1407

Component: GNU Coreutils

Revision: 1.0

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.

Notes: Brocade Fabric OS does not utilize the keycompare_mb() function. Brocade Fabric OS is not affected by this vulnerability. Security updates are provided in Brocade Fabric OS v9.1.0 to remove the vulnerable component.

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

A security update was provided in Brocade Fabric OS v9.1.0 to remove the vulnerable components.

Revision History

Version    Change                 Date
1.0        Initial Publication    Sept 13, 2022