In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
]
}
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:shadow_project:shadow:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.5"
}
]
}"2026-07-08T12:05:07Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12424.json"
[
{
"id": "CVE-2017-12424-03cfbe43",
"digest": {
"function_hash": "202960249321229963769209149281777145406",
"length": 1301.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952",
"deprecated": false,
"target": {
"function": "commonio_sort",
"file": "lib/commonio.c"
}
},
{
"id": "CVE-2017-12424-edcd3aea",
"digest": {
"line_hashes": [
"97343475326322419711596104090918875231",
"83194384294095812938514171149688776297",
"49828281674662981068131804184564246995",
"227046944271181385809801992820021682302",
"1653437717679775265908824231283286026",
"214632539084617417013768092814222728552",
"318040977496812136268312631380998312745",
"353291072014180465658511793697293332",
"109635299101909868755650757144999621569",
"173175273233810461831180419687946402416",
"157547641036649591868026189959014193376",
"57750577214612977192018795620048358807",
"89344191378839295817891035874517221208"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952",
"deprecated": false,
"target": {
"file": "lib/commonio.c"
}
}
]