Описание
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not compiled |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | not-affected | code not compiled |
| noble | not-affected | code not compiled |
| plucky | not-affected | code not compiled |
| questing | not-affected | code not compiled |
| upstream | released | 2.41.3-1 |
Показывать по
6.1 Medium
CVSS3
Связанные уязвимости
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffe ...
6.1 Medium
CVSS3