PT-2025-49263 · Unknown+2 · Util-Linux+2

Published: 2025-01-01 · Updated: 2026-05-27 · CVE-2025-14104

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions

util-linux (affected versions not specified)

Description

A flaw in util-linux allows a heap buffer overread when processing 256-byte usernames. The issue is in the setpwnam() function and affects the SUID (Set User ID) login-utils utilities that write to the password database.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

LPE

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2026:1696
ALSA-2026:1852
ALSA-2026:1913
AZL-72305
AZL-72307
BDU:2026-02747
CVE-2025-14104
ECHO-2993-D712-59CE
OPENSUSE-SU-2026:10072-1
OPENSUSE-SU-2026:20495-1
RHSA-2026:1696
RHSA-2026:1852
RHSA-2026:1913
RHSA-2026:7180
SUSE-SU-2026:0115-1
SUSE-SU-2026:0116-1
SUSE-SU-2026:0117-1
SUSE-SU-2026:0230-1
SUSE-SU-2026:0366-1
SUSE-SU-2026:0510-1
SUSE-SU-2026:20346-1
SUSE-SU-2026:20365-1
SUSE-SU-2026:21016-1
SUSE-SU-2026:21158-1

Affected Products

Debian
Rocky Linux
Util-Linux