uutils coreutils Cut Utility Newline Delimiter Option Handling Vulnerability

A vulnerability exists in the cut utility of uutils coreutils version 0.7.0. The issue arises with the -s (only-delimited) option when a newline character is used as the delimiter. The function cut_fields_newline_char_delim fails to properly check the only_delimited flag, allowing non-delimited lines to be printed instead of suppressed. This oversight can result in unintended data being sent to downstream scripts that depend on precise output filtering.

Impact

Exploitation of this vulnerability can cause incorrect data to be passed to scripts, potentially leading to errors or unintended behavior in script execution.

Reproduction

To reproduce this vulnerability, use the cut utility from uutils coreutils version 0.7.0. Specify the -s option along with a newline delimiter. The utility will incorrectly output non-delimited lines that should have been suppressed, demonstrating the flaw in handling the only-delimited option with newline as a delimiter.

Remediation

Users can update to uutils coreutils version 0.7.0 or later, where this issue has been fixed.