Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-4641

Опубликовано: 27 дек. 2023
Источник: nvd
CVSS3: 4.7
CVSS3: 5.5
EPSS Низкий

Описание

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:shadow-maint:shadow-utils:*:*:*:*:*:*:*:*
Версия до 4.14.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*

EPSS

Процентиль: 2%
0.00015
Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-303
CWE-287

Связанные уязвимости

ubuntu логотип

CVE-2023-4641

CVSS3: 4.7
ubuntu
больше 1 года назад

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

redhat логотип

CVE-2023-4641

CVSS3: 4.7
redhat
около 2 лет назад

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

msrc логотип

CVE-2023-4641

CVSS3: 5.5
msrc
4 месяца назад

Описание отсутствует

debian логотип

CVE-2023-4641

CVSS3: 4.7
debian
больше 1 года назад

A flaw was found in shadow-utils. When asking for a new password, shad ...

suse-cvrf логотип

SUSE-SU-2023:4027-1

suse-cvrf
почти 2 года назад

Security update for shadow

EPSS

Процентиль: 2%
0.00015
Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-303
CWE-287