CVE-2016-6252 — Integer Overflow or Wraparound in Project Shadow

CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 71.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Shadow Project Shadow

Timeline

PublishedFeb 17

Latest updateMay 17

Description

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Debianshadow_project/shadow< 1:4.4-1+3

▶Ubuntushadow_project/shadow< 1:4.1.5.1-1ubuntu9.5+3

▶NVDshadow_project/shadow4.2.1

Patches

Patch: www.openwall.com ↗Patch: bugzilla.suse.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-8rg4-9fq3-cf7g: Integer overflow in shadow 4↗2022-05-17

▶

OSV

shadow regression↗2017-05-17

▶

OSV

shadow vulnerabilities↗2017-05-05

▶

OSV

CVE-2016-6252: Integer overflow in shadow 4↗2017-02-17

▶

CVEList

CVE-2016-6252: Integer overflow in shadow 4↗2017-02-17

▶

📋Vendor Advisories

Ubuntu

shadow regression↗2017-05-17

▶

Ubuntu

shadow vulnerabilities↗2017-05-05

▶

Red Hat

shadow-utils: Incorrect integer handling results in LPE↗2016-07-19

▶

Debian

CVE-2016-6252: shadow - Integer overflow in shadow 4.2.1 allows local users to gain privileges via craft...↗2016

▶

💬Community

Bugzilla

CVE-2016-6251 CVE-2016-6252 shadow-utils: various flaws [fedora-all]↗2016-07-21

▶

Bugzilla

CVE-2016-6252 shadow-utils: Incorrect integer handling results in LPE↗2016-07-21

▶