3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.0004 Low
EPSS
Percentile
15.5%
sShadow is vulnerable to improper neutralization of special Elements. The vulnerability exists due to a lack of validation in the SUID program, which allows an attacker to crash the application using social engineering, resulting in a denial of service
github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
github.com/shadow-maint/shadow/pull/687
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797