cvedb.io
CVE-2025-14104
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-12-05T17:16:03.117 · Last modified 2026-06-30T00:16:53.040

Summary

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.