CVE-2011-0721
Debian Shadow - Improper Input Validation
Title source: ruleDescription
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
References (11)
Scores
EPSS
0.0142
EPSS Percentile
80.4%
Classification
CWE
CWE-20
Status
draft
Affected Products (1)
debian/shadow
Timeline
Published
Feb 19, 2011
Tracked Since
Feb 18, 2026