CVE-2023-4641

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4641

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4641.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-4641

Downstream

BELL-CVE-2023-4641

DEBIAN-CVE-2023-4641

DLA-4130-1

OESA-2023-1687

RHSA-2023:6632

RHSA-2023:7112

RHSA-2024:0417

RHSA-2024:2577

SUSE-SU-2023:3591-1

SUSE-SU-2023:4023-1

SUSE-SU-2023:4024-1

SUSE-SU-2023:4025-1

SUSE-SU-2023:4027-1

SUSE-SU-2024:1007-1

SUSE-SU-2024:1007-2

UBUNTU-CVE-2023-4641

USN-6640-1

Related

Published

2023-12-27T16:15:13.363Z

Modified

2025-11-20T12:21:10.867887Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

References

Affected packages

Git / github.com/shadow-maint/shadow

Affected ranges

Type: GIT
Repo: https://github.com/shadow-maint/shadow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

014536f5d55df33fc032d7a14d9f9d975d569722

Affected versions

4.*

4.10

4.12

4.12.1

4.12.2

4.13

4.14.0-rc1

4.14.0-rc2

4.14.0-rc3

4.14.0-rc4

4.14.0-rc5

4.2.1

4.3.0

4.3.1

4.4

4.5

4.6

4.7

4.8

4.8.1

4.9

v4.*

v4.10

v4.11.1

v4.9