CVE-2026-35346 in coreutils情報

要約

〜によって MITRE • 2026年04月22日

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD). This behavior differs from GNU comm, which processes raw bytes and preserves the original input. This results in corrupted output when the utility is used to compare binary files or files using non-UTF-8 legacy encodings.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Canonical

予約する

2026年04月02日

公開

2026年04月22日

モデレーション

承諾済み

エントリ

VDB-358989

CPE

準備完了

CWE

CWE-176 (確認済み)

CVSS

3.3 (CNA)

EPSS

0.00014

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35346
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35346
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35346/

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!