Wind River Support Network

HomeDefectsLIN1021-6444
Fixed

LIN1021-6444 : Security Advisory - shadow - CVE-2023-4641

Created: Aug 31, 2023    Updated: Dec 28, 2023
Resolved Date: Sep 12, 2023
Found In Version: 10.21.20.1
Fix Version: 10.21.20.20
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

https://nvd.nist.gov/vuln/detail/CVE-2023-4641

CVEs


Live chat
Online