CVE-2004-2395

3 documents3 sources

Severity

2.1LOW

EPSS

0.1%

top 79.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server Mandrakesoft Mandrake Multi Network Firewall

Timeline

PublishedDec 31

Latest updateApr 29

Description

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDmandrakesoft/mandrake_linux5 versions+4

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

▶NVDmandrakesoft/mandrake_multi_network_firewall8.2

Patches

Patch: bugzilla.redhat.com ↗Patch: www.mandriva.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8h63-79mj-3p3q: Memory leak in passwd 0↗2022-04-29

▶

CVEList

CVE-2004-2395: Memory leak in passwd 0↗2005-08-17

▶