CVE-2022-0563

CWE-209CWE-119 — Buffer Overflow8 documents8 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 92.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kernel Util-linux
Timeline
PublishedFeb 21
Latest updateJun 8

Description

A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

â–¶NVDkernel/util-linux< 2.37.4
â–¶CVEListV5util-linuxutil-linux 2.37.4

🔴Vulnerability Details

3
GHSA
GHSA-5896-67mw-rv4j: A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support↗2022-02-22
â–¶
OSV
CVE-2022-0563: A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support↗2022-02-21
â–¶
CVEList
CVE-2022-0563: A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support↗2022-02-21
â–¶

📋Vendor Advisories

4
CISA
Microsoft Office Buffer Overflow Vulnerability↗2022-06-08
â–¶
Red Hat
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline↗2022-02-14
â–¶
Microsoft
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. Wh↗2022-02-08
â–¶
Debian
CVE-2022-0563: util-linux - A flaw was found in the util-linux chfn and chsh utilities when compiled with Re...↗2022
â–¶
CVE-2022-0563 (MEDIUM CVSS 5.5) | A flaw was found in the util-linux | cvebase.io