CVE-2023-4641
MEDIUMshadow-utils < 4.14.0 - Password Exposure via Uncleared Memory Buffer
Title source: llmDescription
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6632
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7112
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0417
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2577
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-4641
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2215945
Scores
CVSS v3
4.7
EPSS
0.0026
EPSS Percentile
16.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-287
CWE-303
Status
published
Products (17)
redhat/codeready_linux_builder
8.0
redhat/codeready_linux_builder
9.0
redhat/codeready_linux_builder_for_arm64
8.0_aarch64
redhat/codeready_linux_builder_for_arm64
9.0_aarch64
redhat/codeready_linux_builder_for_ibm_z_systems
8.0_s390x
redhat/codeready_linux_builder_for_ibm_z_systems
9.0_s390x
redhat/codeready_linux_builder_for_power_little_endian
8.0_ppc64le
redhat/codeready_linux_builder_for_power_little_endian
9.0_ppc64le
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
... and 7 more
Published
Dec 27, 2023
Tracked Since
Feb 18, 2026