CVE-2020-13776
Severity
6.7 MEDIUM
EPSS
0.1%
top 66.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 3
Latest update: May 24
Description
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 2 packages
Also affects: Fedora 32
Patches
Vulnerability Details (3)
GHSA
GHSA-g2fm-j5p3-x5h7: systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of ro (2022-05-24)
OSV
CVE-2020-13776: systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of ro (2020-06-03)
CVEList
CVE-2020-13776: systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of ro (2020-06-03)
Vendor Advisories (3)
Microsoft
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits as demonstrated by use of root privileges when privileges of the 0x0 user accou (2020-06-09)
Red Hat
systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (2020-05-31)
Debian
CVE-2020-13776: systemd - systemd through v245 mishandles numerical usernames such as ones composed of dec... (2020)