{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71705?format=json","vulnerability_id":"VCID-yaxf-65d5-7qck","summary":"A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code path that fails to check the record suppression status. Consequently, uutils cut emits the entire record plus a NUL byte instead of suppressing it. This divergence from GNU coreutils behavior creates a data integrity risk for automated pipelines that rely on cut -s to filter out undelimited data.","aliases":[{"alias":"CVE-2026-35381"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103016?format=json","purl":"pkg:deb/debian/rust-coreutils@0.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103013?format=json","purl":"pkg:deb/debian/rust-coreutils@0.9.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.9.0-3%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103011?format=json","purl":"pkg:deb/debian/rust-coreutils@0.0.17-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xma-bq3c-u3h9"},{"vulnerability":"VCID-3npq-hj69-cygg"},{"vulnerability":"VCID-45py-d4z2-33eh"},{"vulnerability":"VCID-4asg-vgfk-n7av"},{"vulnerability":"VCID-7agw-m43h-pkb1"},{"vulnerability":"VCID-868e-a9h5-vuc7"},{"vulnerability":"VCID-8wnr-wkj1-n3fw"},{"vulnerability":"VCID-9wd6-ma2f-dfar"},{"vulnerability":"VCID-aghn-83cb-rbf2"},{"vulnerability":"VCID-an5a-3u2z-bqck"},{"vulnerability":"VCID-cz18-jcfj-ruc9"},{"vulnerability":"VCID-f86r-a3zm-3bcd"},{"vulnerability":"VCID-fagp-1t6k-vffu"},{"vulnerability":"VCID-fmgt-fwj4-wqdu"},{"vulnerability":"VCID-g5yr-q2gm-tkhk"},{"vulnerability":"VCID-gtvr-x9jh-w7gk"},{"vulnerability":"VCID-jfqg-n8g4-y7e3"},{"vulnerability":"VCID-jkhc-vvqy-uygx"},{"vulnerability":"VCID-jkma-75vp-xyck"},{"vulnerability":"VCID-ka1w-rgg3-c3hn"},{"vulnerability":"VCID-mfjq-bkgq-yycg"},{"vulnerability":"VCID-q9pt-1vcd-37bg"},{"vulnerability":"VCID-rkja-wb14-m3hw"},{"vulnerability":"VCID-rn89-dxgw-bue8"},{"vulnerability":"VCID-rze6-x7s8-2fb1"},{"vulnerability":"VCID-s1us-54av-gfhb"},{"vulnerability":"VCID-szfn-p4u1-k3bp"},{"vulnerability":"VCID-x173-jyfw-1ued"},{"vulnerability":"VCID-xp6n-t68q-93dv"},{"vulnerability":"VCID-xves-5auj-yqdg"},{"vulnerability":"VCID-yaxf-65d5-7qck"},{"vulnerability":"VCID-ztuq-wank-67fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.0.17-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103012?format=json","purl":"pkg:deb/debian/rust-coreutils@0.0.30-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xma-bq3c-u3h9"},{"vulnerability":"VCID-3npq-hj69-cygg"},{"vulnerability":"VCID-45py-d4z2-33eh"},{"vulnerability":"VCID-4asg-vgfk-n7av"},{"vulnerability":"VCID-7agw-m43h-pkb1"},{"vulnerability":"VCID-868e-a9h5-vuc7"},{"vulnerability":"VCID-8wnr-wkj1-n3fw"},{"vulnerability":"VCID-9wd6-ma2f-dfar"},{"vulnerability":"VCID-aghn-83cb-rbf2"},{"vulnerability":"VCID-an5a-3u2z-bqck"},{"vulnerability":"VCID-cz18-jcfj-ruc9"},{"vulnerability":"VCID-f86r-a3zm-3bcd"},{"vulnerability":"VCID-fagp-1t6k-vffu"},{"vulnerability":"VCID-fmgt-fwj4-wqdu"},{"vulnerability":"VCID-g5yr-q2gm-tkhk"},{"vulnerability":"VCID-gtvr-x9jh-w7gk"},{"vulnerability":"VCID-jfqg-n8g4-y7e3"},{"vulnerability":"VCID-jkhc-vvqy-uygx"},{"vulnerability":"VCID-jkma-75vp-xyck"},{"vulnerability":"VCID-ka1w-rgg3-c3hn"},{"vulnerability":"VCID-mfjq-bkgq-yycg"},{"vulnerability":"VCID-q9pt-1vcd-37bg"},{"vulnerability":"VCID-rkja-wb14-m3hw"},{"vulnerability":"VCID-rn89-dxgw-bue8"},{"vulnerability":"VCID-rze6-x7s8-2fb1"},{"vulnerability":"VCID-s1us-54av-gfhb"},{"vulnerability":"VCID-szfn-p4u1-k3bp"},{"vulnerability":"VCID-x173-jyfw-1ued"},{"vulnerability":"VCID-xp6n-t68q-93dv"},{"vulnerability":"VCID-xves-5auj-yqdg"},{"vulnerability":"VCID-yaxf-65d5-7qck"},{"vulnerability":"VCID-ztuq-wank-67fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-coreutils@0.0.30-2%3Fdistro=trixie"}],"references":[{"reference_url":"https://github.com/uutils/coreutils/releases/tag/0.8.0","reference_id":"0.8.0","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T16:52:48Z/"}],"url":"https://github.com/uutils/coreutils/releases/tag/0.8.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134876","reference_id":"1134876","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134876"},{"reference_url":"https://github.com/uutils/coreutils/pull/11394","reference_id":"11394","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T16:52:48Z/"}],"url":"https://github.com/uutils/coreutils/pull/11394"}],"weaknesses":[{"cwe_id":684,"name":"Incorrect Provision of Specified Functionality","description":"The code does not function according to its published specifications, potentially leading to incorrect usage."}],"exploits":[],"severity_range_score":"3.3 - 3.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yaxf-65d5-7qck"}