CVE-2011-0721

CWE-20Improper Input Validation8 documents8 sources
Severity
6.4MEDIUM
EPSS
1.4%
top 19.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Shadow
Timeline
PublishedFeb 19
Latest updateMay 17

Description

Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

Debianshadow< 1:4.1.4.2+svn3283-3+3

🔴Vulnerability Details

3
GHSA
GHSA-6wqp-749m-jfw7: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:42022-05-17
OSV
CVE-2011-0721: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:42011-02-19
CVEList
CVE-2011-0721: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:42011-02-18

📋Vendor Advisories

3
Red Hat
shadow: Multiple CRLF injections in chfn and chsh2011-02-15
Ubuntu
shadow vulnerability2011-02-15
Debian
CVE-2011-0721: shadow - Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1...2011

💬Community

1
Bugzilla
CVE-2011-0721 shadow: Multiple CRLF injections in chfn and chsh2011-02-20
CVE-2011-0721 (MEDIUM CVSS 6.4) | Multiple CRLF injection vulnerabili | cvebase.io