AZL-72307

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72307.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-72307

Upstream

CVE-2025-14104

Published

2025-12-05T17:16:03Z

Modified

2026-04-21T04:36:43.006432Z

Summary

CVE-2025-14104 affecting package util-linux for versions less than 2.37.4-10

Details

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-14104

Affected packages

Azure Linux:2 / util-linux

Package

Name: util-linux
Purl: pkg:rpm/azure-linux/util-linux

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37.4-10

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-72307.json"