CVE-2017-12424

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12424
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12424.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12424
Published
2017-08-04T09:29:00Z
Modified
2025-10-21T04:09:23.053477Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Affected packages

Git / github.com/shadow-maint/shadow

Affected ranges

Type
GIT
Repo
https://github.com/shadow-maint/shadow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.2.1
4.3.0
4.3.1
4.4

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 1301.0,
            "function_hash": "202960249321229963769209149281777145406"
        },
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "commonio_sort",
            "file": "lib/commonio.c"
        },
        "signature_type": "Function",
        "id": "CVE-2017-12424-03cfbe43",
        "source": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
    },
    {
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "lib/commonio.c"
        },
        "signature_type": "Line",
        "id": "CVE-2017-12424-edcd3aea",
        "source": "https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952"
    }
]