VDB
DEBIAN-CVE-2025-14104
DEBIAN-CVE-2025-14104
PUBLISHED
CVSS 6.099999904632568 MEDIUM
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | util-linux | 2.41.2-4, 2.41.2-3, 2.41.2-2 |
| Debian:12 | util-linux | 2.40~rc2-3, 2.40~rc2-4, 2.40~rc2-5 |
| Debian:11 | util-linux | 2.41.2-1, 2.41.2-2, 2.41.2-3 |
| Debian:13 | util-linux | 2.42~rc2-1, 2.42-4, 0 |
Timeline
- Dec 5, 2025 CVE Published
- Apr 28, 2026 CVE Updated