CVE-2016-6252
published 2017-02-17CVE-2016-6252: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | shadow | < shadow 1:4.4-1 (bookworm) | shadow 1:4.4-1 (bookworm) |
| shadow_project | shadow | — | — |
| shadow_project | shadow | >= 0 < 1:4.4-1 | 1:4.4-1 |
| shadow_project | shadow | >= 0 < 1:4.4-1 | 1:4.4-1 |
| shadow_project | shadow | >= 0 < 1:4.4-1 | 1:4.4-1 |
| shadow_project | shadow | >= 0 < 1:4.4-1 | 1:4.4-1 |
| shadow_project | shadow | >= 0 < 1:4.1.5.1-1ubuntu9.5 | 1:4.1.5.1-1ubuntu9.5 |
| shadow_project | shadow | >= 0 < 1:4.1.5.1-1ubuntu9.4 | 1:4.1.5.1-1ubuntu9.4 |
| shadow_project | shadow | >= 0 < 1:4.2-3.1ubuntu5.3 | 1:4.2-3.1ubuntu5.3 |
| shadow_project | shadow | >= 0 < 1:4.2-3.1ubuntu5.2 | 1:4.2-3.1ubuntu5.2 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH