uutils coreutils env Utility Command-Line Argument Parsing Logic Error Vulnerability

Vulnerability

A logic error has been identified in the env utility of uutils coreutils, specifically related to the -S (split-string) option. Unlike GNU env, which correctly interprets backslashes within single quotes (except for certain escape sequences), the uutils version improperly validates these sequences. This misvalidation leads to an 'invalid sequence' error, causing the process to terminate with an exit status of 125 when it encounters valid but unrecognized sequences. As a result, this vulnerability disrupts compatibility with automated scripts and administrative tasks that depend on standard split-string functionality, causing a local denial-of-service for those operations.

Impact

Exploitation of this vulnerability causes a local denial-of-service by disrupting command-line operations that rely on the env utility's split-string functionality.
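The -S behaviour described above can be checked on a host with the following sketch. It is an added example, not code from the advisory or from the uutils project; the `\q` probe string, the function name `check_env_split` and the `ENV_BIN` variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the advisory. Classifies how an env binary handles a
# backslash inside single quotes in an -S (split-string) argument.

# check_env_split ENV_BINARY
#   returns 0: probe accepted and passed through unchanged (assumed GNU result)
#   returns 1: probe rejected with exit status 125 (behaviour in the advisory)
#   returns 2: inconclusive (no working -S, or some other result)
check_env_split() {
    env_bin=$1

    # Control: a -S string with no backslash must work, otherwise exit 125
    # could simply mean this env has no -S support at all.
    rc=0
    out=$("$env_bin" -S "printf %s ok" 2>/dev/null) || rc=$?
    if [ "$rc" -ne 0 ] || [ "$out" != "ok" ]; then
        return 2
    fi

    # Constructed probe (assumption): \q inside single quotes. After the
    # shell's own quoting the -S argument is:  printf %s 'a\qb'
    probe="printf %s 'a\\qb'"
    rc=0
    out=$("$env_bin" -S "$probe" 2>/dev/null) || rc=$?

    if [ "$rc" -eq 0 ] && [ "$out" = 'a\qb' ]; then
        return 0
    elif [ "$rc" -eq 125 ]; then
        return 1
    fi
    return 2
}

# Report for the env found on PATH, or the binary named in ENV_BIN.
result=0
check_env_split "${ENV_BIN:-env}" || result=$?
case $result in
    0) echo "env -S: backslash in single quotes accepted" ;;
    1) echo "env -S: rejected with exit 125; scripts using such strings will fail" ;;
    *) echo "env -S: inconclusive" ;;
esac
```

The control run separates an env that lacks -S entirely from one that has it but rejects the backslash sequence, since both can exit with 125.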

Added: Apr 22, 2026, 6:54 PM
Updated: Apr 22, 2026, 6:54 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 3.3
remediation: 0.0
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.