EUVD-2026-25032
GHSA-5pv5-xh52-hvrp
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR (|) and AND (&) operations. As a result, arithmetic errors (such as division by zero) occurring within "dead" branches, branches that should be ignored due to short-circuiting, are raised as fatal errors. This divergence from GNU expr behavior can cause guarded expressions within shell scripts to fail with hard errors instead of returning expected boolean results, leading to premature script termination and breaking GNU-compatible shell control flow.
AnalysisAI
Logic error in uutils coreutils expr utility evaluates parenthesized subexpressions during parsing rather than execution, breaking short-circuit evaluation for logical OR and AND operations. This causes arithmetic errors in dead code branches (e.g., division by zero) to trigger fatal errors instead of being safely ignored, breaking shell script control flow and diverging from GNU expr compatibility. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today