VDB

DEBIAN-CVE-2025-14104

DEBIAN-CVE-2025-14104 PUBLISHED CVSS 6.099999904632568 MEDIUM

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products

VendorProductVersions
Debian:14util-linux2.41.2-4, 2.41.2-3, 2.41.2-2
Debian:12util-linux2.40~rc2-3, 2.40~rc2-4, 2.40~rc2-5
Debian:11util-linux2.41.2-1, 2.41.2-2, 2.41.2-3
Debian:13util-linux2.42~rc2-1, 2.42-4, 0

Timeline

  • Dec 5, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›