CVE-2025-14104

Sažetak

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Reference

https://access.redhat.com/errata/RHSA-2026:1696
https://access.redhat.com/errata/RHSA-2026:1852
https://access.redhat.com/errata/RHSA-2026:1913
https://access.redhat.com/errata/RHSA-2026:2485
https://access.redhat.com/errata/RHSA-2026:2563
https://access.redhat.com/errata/RHSA-2026:2737
https://access.redhat.com/errata/RHSA-2026:2800
https://access.redhat.com/errata/RHSA-2026:3406
https://access.redhat.com/errata/RHSA-2026:4943
https://access.redhat.com/security/cve/CVE-2025-14104
https://bugzilla.redhat.com/show_bug.cgi?id=2419369

CVSS

Base:	6.1
Impact:	4.2
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Zadnje važnije ažuriranje

18-03-2026 - 17:16

Objavljeno

05-12-2025 - 17:16