Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:41147
HistoryJul 08, 2023 - 4:07 p.m.

Improper Neutralization Of Special Elements

2023-07-0816:07:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
sshadow
denial of service
social engineering
software vulnerability

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

15.5%

sShadow is vulnerable to improper neutralization of special Elements. The vulnerability exists due to a lack of validation in the SUID program, which allows an attacker to crash the application using social engineering, resulting in a denial of service

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

15.5%