Critical severity9.8NVD Advisory· Published Aug 4, 2017· Updated Jun 17, 2026
CVE-2017-12424
CVE-2017-12424
Description
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords7 versionspkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/shadow&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 4.2.1-27.3.3+ 6 more
- (no CPE)range: < 4.2.1-27.3.3
- (no CPE)range: < 4.2.1-27.3.3
- (no CPE)range: < 4.2.1-27.3.3
- (no CPE)range: < 4.2.1-27.3.3
- (no CPE)range: < 4.2.1-27.3.3
- (no CPE)range: < 4.2.1-27.3.3
- (no CPE)range: < 4.2.1-27.3.3
Patches
Vulnerability mechanics
References
5- github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952nvdPatchThird Party Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingThird Party Advisory
- bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675nvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/03/msg00020.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201710-16nvdThird Party Advisory
News mentions
0No linked articles in our index yet.