uutils coreutils expr Utility Logic Error Vulnerability

Vulnerability

A logic error has been identified in the expr utility of uutils coreutils, specifically in version 0.8.0. The program evaluates parenthesized subexpressions during the parsing phase instead of the execution phase. This breaks short-circuiting for the logical OR and AND operators: an arithmetic error, such as division by zero, in a 'dead' branch is treated as a fatal error even though that branch should never be evaluated. This behavior deviates from GNU expr and can cause shell scripts to terminate prematurely instead of receiving the expected boolean values.

Impact

Exploitation of this vulnerability can lead to arithmetic errors being raised as fatal errors, causing shell scripts to fail and disrupting their control flow.

Reproduction

The vulnerability can be reproduced by using the expr utility in a shell script that includes logical OR or AND operations with parenthesized subexpressions. The script should be executed in an environment where uutils coreutils version 0.8.0 is installed. The 'dead' branches of the logical operations should contain arithmetic expressions that would normally result in errors, such as division by zero. Due to the vulnerability, these errors will be raised as fatal, causing the script to terminate unexpectedly.
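A minimal model of the flaw described above, added here as an illustration and not taken from uutils or GNU source. The pre-split tokens, the three-operator grammar (|, &, /) and the eager_parens switch are assumptions: with the switch set, a parenthesized group is collapsed while parsing, so a division by zero in a dead branch is fatal; with it cleared, evaluation is deferred to the tree walk and the dead branch is skipped.

```rust
// Added illustration, not uutils or GNU source; eager_parens is a hypothetical switch.
enum Ast { Num(i64), Bin(Box<Ast>, &'static str, Box<Ast>) }
const LEVELS: [&str; 3] = ["|", "&", "/"]; // lowest to highest precedence
// Execution phase: the right operand of | or & is evaluated only when needed.
fn eval(a: &Ast) -> Result<i64, String> {
    let (l, op, r) = match a { Ast::Num(n) => return Ok(*n), Ast::Bin(l, op, r) => (l, *op, r) };
    let lv = eval(l)?;
    match op {
        "|" if lv != 0 => Ok(lv), // dead right branch never runs
        "&" if lv == 0 => Ok(0),  // dead right branch never runs
        "|" => eval(r),
        "&" => Ok(if eval(r)? != 0 { lv } else { 0 }),
        _ => match eval(r)? { 0 => Err("division by zero".into()), rv => Ok(lv.wrapping_div(rv)) },
    }
}

struct Parser<'a> { toks: &'a [&'a str], pos: usize, eager_parens: bool }
impl Parser<'_> {
    fn binary(&mut self, level: usize) -> Result<Ast, String> {
        if level == LEVELS.len() { return self.primary(); }
        let mut left = self.binary(level + 1)?;
        while self.toks.get(self.pos) == Some(&LEVELS[level]) {
            self.pos += 1;
            let right = self.binary(level + 1)?;
            left = Ast::Bin(Box::new(left), LEVELS[level], Box::new(right));
        }
        Ok(left)
    }
    fn primary(&mut self) -> Result<Ast, String> {
        let tok = *self.toks.get(self.pos).ok_or("missing operand")?;
        self.pos += 1;
        if tok != "(" { return tok.parse::<i64>().map(Ast::Num).map_err(|e| e.to_string()); }
        let inner = self.binary(0)?;
        if self.toks.get(self.pos) != Some(&")") { return Err("expected )".into()); }
        self.pos += 1;
        // Flawed pattern: collapsing the group here runs it before short-circuiting.
        if self.eager_parens { Ok(Ast::Num(eval(&inner)?)) } else { Ok(inner) }
    }
}
fn run(toks: &[&str], eager_parens: bool) -> Result<i64, String> {
    let mut p = Parser { toks, pos: 0, eager_parens };
    let ast = p.binary(0)?;
    if p.pos != toks.len() { return Err("syntax error".into()); }
    eval(&ast)
}

fn main() {
    for e in [false, true] { println!("{}: {:?}", e, run(&["1", "|", "(", "1", "/", "0", ")"], e)); }
}
```

A live branch still reports the error in both modes, so deferring evaluation does not hide real faults.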

Remediation

Users can upgrade to uutils coreutils version 0.8.0 or later, where this vulnerability has been addressed.

Added: Apr 22, 2026, 5:31 PM
Updated: Apr 22, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.2
remediation: 0.0
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.