Vulnerability Monitor

CVE-2023-4641


A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clear the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.


Published: 2023-12-27T16:15:13.363

Last Modified: 2024-11-21T08:35:35.837

Status: Modified

Source: [email protected]

Severity: CVSSv3.1 4.7 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-303
  • Type: Primary
    CWE-287

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | shadow-maint | shadow-utils | < 4.14.0 | Yes |
| Application | redhat | codeready_linux_builder | 8.0 | Yes |
| Application | redhat | codeready_linux_builder | 9.0 | Yes |
| Application | redhat | codeready_linux_builder_for_arm64 | 8.0_aarch64 | Yes |
| Application | redhat | codeready_linux_builder_for_arm64 | 9.0_aarch64 | Yes |
| Application | redhat | codeready_linux_builder_for_ibm_z_systems | 8.0_s390x | Yes |
| Application | redhat | codeready_linux_builder_for_ibm_z_systems | 9.0_s390x | Yes |
| Application | redhat | codeready_linux_builder_for_power_little_endian | 8.0_ppc64le | Yes |
| Application | redhat | codeready_linux_builder_for_power_little_endian | 9.0_ppc64le | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux | 9.0 | Yes |
| Operating System | redhat | enterprise_linux_for_arm_64 | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_for_arm_64 | 9.0 | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_ibm_z_systems | 9.0_s390x | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | Yes |
| Operating System | redhat | enterprise_linux_for_power_little_endian | 9.0_ppc64le | Yes |

References