CVE-2025-14104
Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
05 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Productos afectados
Red Hat · Red Hat Ceph Storage 7Red Hat · Red Hat Ceph Storage 8Red Hat · Red Hat Ceph Storage 9Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Hardened ImagesRed Hat · Red Hat Insights proxy 1.5Red Hat · Red Hat In-Vehicle Operating System 1Red Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Update Infrastructure 5util-linux · util-linux¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2026:1696https://access.redhat.com/errata/RHSA-2026:1852https://access.redhat.com/errata/RHSA-2026:1913https://access.redhat.com/errata/RHSA-2026:2485https://access.redhat.com/errata/RHSA-2026:2563https://access.redhat.com/errata/RHSA-2026:2737https://access.redhat.com/errata/RHSA-2026:2800https://access.redhat.com/errata/RHSA-2026:3406https://access.redhat.com/errata/RHSA-2026:4943https://access.redhat.com/errata/RHSA-2026:7180https://access.redhat.com/security/cve/CVE-2025-14104https://bugzilla.redhat.com/show_bug.cgi?id=2419369