exploitDog

CVE-2025-14104

Published: 05 Dec 2025
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | util-linux-ng | Will not fix | | |
| Red Hat Enterprise Linux 7 | util-linux | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Will not fix | | |
| Red Hat Enterprise Linux 10 | util-linux | Fixed | RHSA-2026:1696 | 02.02.2026 |
| Red Hat Enterprise Linux 8 | util-linux | Fixed | RHSA-2026:1852 | 04.02.2026 |
| Red Hat Enterprise Linux 8 | util-linux | Fixed | RHSA-2026:1852 | 04.02.2026 |
| Red Hat Enterprise Linux 9 | util-linux | Fixed | RHSA-2026:1913 | 04.02.2026 |
| Red Hat Enterprise Linux 9 | util-linux | Fixed | RHSA-2026:1913 | 04.02.2026 |
| Red Hat Ceph Storage 7 | rhceph/rhceph-7-rhel9 | Fixed | RHSA-2026:2800 | 17.02.2026 |
| Red Hat Ceph Storage 8 | rhceph/rhceph-8-rhel9 | Fixed | RHSA-2026:2737 | 16.02.2026 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2419369
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

EPSS

Percentile: 0%
0.00007
Low

6.1 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.1
ubuntu
4 months ago

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

CVSS3: 6.1
nvd
4 months ago

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

CVSS3: 6.1
msrc
3 months ago

Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames

CVSS3: 6.1
debian
4 months ago

A flaw was found in util-linux. This vulnerability allows a heap buffe ...

suse-cvrf
2 months ago

Security update for util-linux
