CVE-2024-0684 identifies a heap-based buffer overflow vulnerability in the GNU coreutils 'split' utility, specifically in versions 9.2 through 9.4. The vulnerability arises in the line_bytes_split() function, which processes user input to split files into smaller parts. When processing user-controlled data of several hundred bytes, the function fails to properly validate or limit memory allocation or copying, leading to a heap overflow condition. This overflow can corrupt the heap memory, causing the application to crash and resulting in a denial of service (DoS). The vulnerability requires local access with low privileges (AV:L) and low attack complexity (AC:L), with no user interaction needed (UI:N). The scope is unchanged (S:U), and the impact affects availability only (A:H), with no confidentiality or integrity loss. Although no known exploits are reported in the wild, the flaw poses a risk to systems relying on the split utility for file processing tasks. The vulnerability is tracked under CVE-2024-0684 with a CVSS v3.1 base score of 5.5, indicating medium severity. The flaw was publicly disclosed on February 6, 2024, and assigned by the Fedora security team. No patches or exploit indicators are currently listed, suggesting that mitigation efforts should focus on updating coreutils or applying workarounds.

The primary impact of CVE-2024-0684 is denial of service due to application crashes when the vulnerable split utility processes crafted input. This can disrupt automated file splitting operations, batch processing, or scripts relying on coreutils, potentially affecting system stability and availability. Since the vulnerability requires local access, attackers must already have some level of system access to exploit it, limiting remote exploitation risks. However, in multi-user environments or shared systems, malicious users could intentionally trigger crashes to disrupt services or workflows. The lack of confidentiality or integrity impact means data theft or manipulation is not a concern from this vulnerability alone. Organizations with critical systems that use GNU coreutils extensively, especially in automated pipelines or embedded systems, may experience operational interruptions. The absence of known exploits reduces immediate risk but does not eliminate the need for timely remediation.

To mitigate CVE-2024-0684, organizations should: 1) Upgrade GNU coreutils to a patched version once available from trusted repositories or vendors; 2) Until patches are released, restrict access to the split utility by limiting user permissions and employing access controls to prevent untrusted users from executing it; 3) Monitor system logs and application behavior for unexpected crashes or anomalies related to split usage; 4) Implement input validation or sanitization in scripts or applications invoking split to avoid processing untrusted or excessively large input data; 5) Use containerization or sandboxing to isolate processes running split, minimizing impact of potential crashes; 6) Employ system-level resource limits (e.g., ulimit) to constrain memory usage and reduce risk of heap corruption; 7) Educate system administrators and users about the vulnerability to avoid inadvertent exploitation; and 8) Follow vendor advisories and apply security updates promptly once patches are available.