util-linux Heap Buffer Overread

MEDIUM (6.1) No Patch (9 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 2%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The util-linux package is a collection of essential system utilities for Linux systems. Its code includes the setpwnam() function, which writes to the password database. The vulnerability is a heap buffer overread in this function when it processes 256-byte usernames.

Am I affected?

A flaw was found in util-linux, so you may be affected if you use it. Specific version information is not stated in the advisory.

Affected Products

Linux Foundation / util-linux

How to fix

No public patch link found in the advisory. Contact the vendor directly for remediation guidance.