uutils coreutils ln Utility Logic Error Leading to Local Denial-of-Service

Vulnerability

A logic error has been identified in the ln utility of uutils coreutils, where the program improperly handles source paths with non-UTF-8 filename bytes when using target-directory forms. Unlike GNU ln, which treats filenames as raw bytes and creates links correctly, the uutils implementation enforces UTF-8 encoding. This discrepancy causes the utility to fail in environments where automated scripts or system tasks encounter valid but non-UTF-8 filenames, common on Unix filesystems, leading to a local denial-of-service for those specific operations.

Impact

This vulnerability causes the ln utility to fail when processing valid but non-UTF-8 filenames, common on Unix filesystems, leading to a local denial-of-service for affected operations.

Added: Apr 22, 2026, 6:46 PM

Updated: Apr 22, 2026, 6:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

6.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

6.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

uutils coreutils ln Utility Logic Error Leading to Local Denial-of-Service

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating