CVE-2023-4641

medium

Description

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

References

Advisories
More

https://access.redhat.com/security/cve/CVE-2023-4641

https://access.redhat.com/errata/RHSA-2024:2577

https://access.redhat.com/errata/RHSA-2024:0417

https://access.redhat.com/errata/RHSA-2023:7112

https://access.redhat.com/errata/RHSA-2023:6632

https://bugzilla.redhat.com/show_bug.cgi?id=2215945

Details

Source: Mitre, NVD

Published: 2023-12-27

Updated: 2024-05-03

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00066

	
		OSZAR »