Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
{ "binaries": [ { "binary_name": "cracklib-runtime", "binary_version": "2.9.1-1build1" }, { "binary_name": "libcrack2", "binary_version": "2.9.1-1build1" }, { "binary_name": "libcrack2-dev", "binary_version": "2.9.1-1build1" }, { "binary_name": "python-cracklib", "binary_version": "2.9.1-1build1" }, { "binary_name": "python3-cracklib", "binary_version": "2.9.1-1build1" } ] }
{ "binaries": [ { "binary_name": "cracklib-runtime", "binary_version": "2.9.2-1ubuntu1" }, { "binary_name": "libcrack2", "binary_version": "2.9.2-1ubuntu1" }, { "binary_name": "libcrack2-dev", "binary_version": "2.9.2-1ubuntu1" }, { "binary_name": "python-cracklib", "binary_version": "2.9.2-1ubuntu1" }, { "binary_name": "python3-cracklib", "binary_version": "2.9.2-1ubuntu1" } ] }