VYPR

Shadow

by Shadow Project

Source repositories

CVEs (3)

  • CVE-2017-12424CriAug 4, 2017
    risk 0.64cvss 9.8epss 0.03

    In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege…

  • CVE-2016-6252HigFeb 17, 2017
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

  • CVE-2023-4641Dec 27, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve…