2460772 – (CVE-2026-35343) CVE-2026-35343 rust-coreutils: cut: inconsistent output suppression with newline delimiters

Bug 2460772 (CVE-2026-35343) - CVE-2026-35343 rust-coreutils: cut: inconsistent output suppression with newline delimiters

Summary: CVE-2026-35343 rust-coreutils: cut: inconsistent output suppression with newl...

Keywords:
Status:	NEW
Alias:	CVE-2026-35343
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2461674 2461675
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-22 17:01 UTC by OSIDB Bzimport
Modified:	2026-04-24 19:58 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-22 17:01:50 UTC

The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited flag in the cut_fields_newline_char_delim function, causing the utility to print non-delimited lines that should have been suppressed. This can lead to unexpected data being passed to downstream scripts that rely on strict output filtering.

Note You need to log in before you can comment on or make changes to this bug.