DEBIAN-CVE-2026-3184

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2026-3184
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3184.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-3184
Upstream
  • CVE-2026-3184
Published
2026-04-03T19:17:23.377Z
Modified
2026-05-02T09:04:13.876487Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.

References

Affected packages

Debian:11 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.36.1-8
2.36.1-8+deb11u1
2.36.1-8+deb11u2
2.37.2-1
2.37.2-2
2.37.2-3
2.37.2-4
2.37.2-5
2.37.2-6
2.37.3-1
2.38~rc1-1
2.38~rc2-1
2.38-1
2.38-2
2.38-3
2.38-4
2.38-4+exp1
2.38-4+exp2
2.38-5
2.38-5+exp1
2.38-6
2.38.1-1
2.38.1-1.1
2.38.1-2
2.38.1-3
2.38.1-4
2.38.1-4+exp1
2.38.1-5
2.38.1-5+loong64
2.38.1-6
2.39.1-1
2.39.1-2
2.39.1-3
2.39.1-4
2.39.2-1
2.39.2-2
2.39.2-2.1
2.39.2-2.2
2.39.2-3
2.39.2-4
2.39.2-5
2.39.2-6
2.39.3-1
2.39.3-2
2.39.3-3
2.39.3-4
2.39.3-5
2.39.3-6
2.39.3-6.1~exp1
2.39.3-6.1
2.39.3-7
2.39.3-8
2.39.3-9
2.39.3-10
2.39.3-11
2.40~rc2-1
2.40~rc2-2
2.40~rc2-3
2.40~rc2-4
2.40~rc2-5
2.40~rc2-6
2.40~rc2-7
2.40~rc2-8
2.40-1
2.40-2
2.40-3
2.40-4
2.40-5
2.40-6
2.40-7
2.40-8
2.40.1-1
2.40.1-2
2.40.1-3
2.40.1-4
2.40.1-4+hurd.1
2.40.1-6
2.40.1-7
2.40.1-8
2.40.1-8.1
2.40.1-9
2.40.2-1
2.40.2-2
2.40.2-3
2.40.2-4
2.40.2-5
2.40.2-6
2.40.2-7
2.40.2-8
2.40.2-9
2.40.2-10
2.40.2-11
2.40.2-12
2.40.2-12+hurd.1
2.40.2-13
2.40.2-14
2.40.3-1
2.40.4-1
2.40.4-2
2.40.4-3
2.40.4-4
2.40.4-5
2.41~rc1-1
2.41~rc1-2
2.41~rc2-1
2.41-1
2.41-2
2.41-3
2.41-4
2.41-5
2.41.1-1
2.41.1-2
2.41.1-3
2.41.1-4
2.41.2-1
2.41.2-2
2.41.2-3
2.41.2-4
2.41.3-1
2.41.3-2
2.41.3-3
2.41.3-4
2.42~rc1-1
2.42~rc1-2
2.42~rc1-3
2.42~rc2-1
2.42-1
2.42-2
2.42-3
2.42-4
2.42-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3184.json"

Debian:12 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.38.1-5
2.38.1-5+deb12u1
2.38.1-5+deb12u2
2.38.1-5+deb12u3
2.38.1-5+loong64
2.38.1-6
2.39.1-1
2.39.1-2
2.39.1-3
2.39.1-4
2.39.2-1
2.39.2-2
2.39.2-2.1
2.39.2-2.2
2.39.2-3
2.39.2-4
2.39.2-5
2.39.2-6
2.39.3-1
2.39.3-2
2.39.3-3
2.39.3-4
2.39.3-5
2.39.3-6
2.39.3-6.1~exp1
2.39.3-6.1
2.39.3-7
2.39.3-8
2.39.3-9
2.39.3-10
2.39.3-11
2.40~rc2-1
2.40~rc2-2
2.40~rc2-3
2.40~rc2-4
2.40~rc2-5
2.40~rc2-6
2.40~rc2-7
2.40~rc2-8
2.40-1
2.40-2
2.40-3
2.40-4
2.40-5
2.40-6
2.40-7
2.40-8
2.40.1-1
2.40.1-2
2.40.1-3
2.40.1-4
2.40.1-4+hurd.1
2.40.1-6
2.40.1-7
2.40.1-8
2.40.1-8.1
2.40.1-9
2.40.2-1
2.40.2-2
2.40.2-3
2.40.2-4
2.40.2-5
2.40.2-6
2.40.2-7
2.40.2-8
2.40.2-9
2.40.2-10
2.40.2-11
2.40.2-12
2.40.2-12+hurd.1
2.40.2-13
2.40.2-14
2.40.3-1
2.40.4-1
2.40.4-2
2.40.4-3
2.40.4-4
2.40.4-5
2.41~rc1-1
2.41~rc1-2
2.41~rc2-1
2.41-1
2.41-2
2.41-3
2.41-4
2.41-5
2.41.1-1
2.41.1-2
2.41.1-3
2.41.1-4
2.41.2-1
2.41.2-2
2.41.2-3
2.41.2-4
2.41.3-1
2.41.3-2
2.41.3-3
2.41.3-4
2.42~rc1-1
2.42~rc1-2
2.42~rc1-3
2.42~rc2-1
2.42-1
2.42-2
2.42-3
2.42-4
2.42-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3184.json"

Debian:13 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.41-5
2.41.1-1
2.41.1-2
2.41.1-3
2.41.1-4
2.41.2-1
2.41.2-2
2.41.2-3
2.41.2-4
2.41.3-1
2.41.3-2
2.41.3-3
2.41.3-4
2.42~rc1-1
2.42~rc1-2
2.42~rc1-3
2.42~rc2-1
2.42-1
2.42-2
2.42-3
2.42-4
2.42-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3184.json"

Debian:14 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.41-5
2.41.1-1
2.41.1-2
2.41.1-3
2.41.1-4
2.41.2-1
2.41.2-2
2.41.2-3
2.41.2-4
2.41.3-1
2.41.3-2
2.41.3-3
2.41.3-4
2.42~rc1-1
2.42~rc1-2
2.42~rc1-3
2.42~rc2-1
2.42-1
2.42-2
2.42-3
2.42-4
2.42-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-3184.json"