Wind River Support Network

HomeDefectsLIN1022-5258
Fixed

LIN1022-5258 : Security Advisory - shadow - CVE-2023-4641

Created: Sep 1, 2023    Updated: Dec 29, 2023
Resolved Date: Nov 20, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.14
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

https://nvd.nist.gov/vuln/detail/CVE-2023-4641

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube