Security Vulnerability Report
CVE-2026-35344 CVSS 3.3 LOW

CVE-2026-35344

Published: 2026-04-22 17:16:36
Last Modified: 2026-05-04 20:09:49

Description

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup or migration scripts, as the utility may report a successful operation even when the destination file contains old or garbage data.
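
The error-handling pattern described above, shown as an added Rust example; it is a simplified illustration and not the uutils source. The function names, the temporary file name, and the use of a read-only file descriptor to force a truncation failure (standing in for a full disk or read-only file system) are assumptions made for the example.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};

/// Pattern described in the advisory: the truncation Result is converted
/// with .ok() and dropped, so the caller never learns about a failure.
fn truncate_swallowing_errors(file: &File, len: u64) -> io::Result<()> {
    file.set_len(len).ok();
    Ok(())
}

/// Hardened variant (assumed policy): tolerate a failed truncation only when
/// the target is neither a regular file nor a directory, e.g. /dev/null.
fn truncate_checked(file: &File, len: u64) -> io::Result<()> {
    match file.set_len(len) {
        Ok(()) => Ok(()),
        Err(e) => {
            let ft = file.metadata()?.file_type();
            if ft.is_file() || ft.is_dir() { Err(e) } else { Ok(()) }
        }
    }
}

/// Constructed scenario: a regular file holding stale data, opened read-only
/// so that set_len() fails without needing a full disk.
/// Returns (swallowing variant ok, checked variant ok, bytes left in file).
fn demo_regular_file() -> io::Result<(bool, bool, u64)> {
    let path = std::env::temp_dir().join(format!("dd_trunc_demo_{}", std::process::id()));
    File::create(&path)?.write_all(b"stale data")?;
    let ro = File::open(&path)?;
    let swallowed = truncate_swallowing_errors(&ro, 0).is_ok();
    let checked = truncate_checked(&ro, 0).is_ok();
    let len = fs::metadata(&path)?.len();
    fs::remove_file(&path)?;
    Ok((swallowed, checked, len))
}

/// Special-file case that the GNU-compatible behaviour was meant to cover.
fn demo_dev_null() -> io::Result<bool> {
    let null = OpenOptions::new().write(true).open("/dev/null")?;
    Ok(truncate_checked(&null, 0).is_ok())
}

fn main() -> io::Result<()> {
    println!("regular file: {:?}", demo_regular_file()?);
    println!("/dev/null tolerated: {}", demo_dev_null()?);
    Ok(())
}
```

In the regular-file case the swallowing variant reports success while the stale bytes are still in the file, which is the silent-corruption condition the description refers to; the checked variant surfaces the error.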

CVSS Details

CVSS Score: 3.3
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:uutils:coreutils:-:*:*:*:*:rust:*:* - VULNERABLE
uutils coreutils (versions before the fix)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# PoC for CVE-2026-35344: Silent data corruption in uutils coreutils dd
# This script demonstrates that dd might report success even when truncation fails.

echo "Creating a dummy file..."
touch /tmp/target_file

echo "Setting file to read-only to trigger truncation failure..."
# Note: for an unprivileged user, mode 000 makes opening the file for writing fail.
chmod 000 /tmp/target_file

echo "Attempting to truncate/write using uutils dd..."
# Assuming 'dd' refers to the uutils version. If installed as 'uu-dd', change accordingly.
# dd truncates the output file by default unless conv=notrunc is given.
dd if=/dev/zero of=/tmp/target_file bs=1M count=1 2>/dev/null

if [ $? -eq 0 ]; then
    echo "POC Result: dd returned Success (0), but write likely failed."
    echo "The file size is: $(stat -c%s /tmp/target_file)"
    echo "This indicates the vulnerability is present (silent failure)."
else
    echo "POC Result: dd returned Error."
fi

# Cleanup (-f avoids the confirmation prompt rm shows for a write-protected file)
rm -f /tmp/target_file

References

https://github.com/uutils/coreutils/issues/9745 (Issue Tracking)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35344", "sourceIdentifier": "[email protected]", "published": "2026-04-22T17:16:36.490", "lastModified": "2026-05-04T20:09:48.593", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directories caused by full disks or read-only file systems. This can lead to silent data corruption in backup or migration scripts, as the utility may report a successful operation even when the destination file contains old or garbage data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-252"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:uutils:coreutils:-:*:*:*:*:rust:*:*", "matchCriteriaId": "4A9AF9E4-E17C-48AD-8051-B49998618839"}]}]}], "references": [{"url": "https://github.com/uutils/coreutils/issues/9745", "source": "[email protected]", "tags": ["Issue Tracking"]}]}}