CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Published Dec 11, 2025

https://bugzilla.redhat.com/show_bug.cgi?id=2419369

CVSS ScoreMedium

6.1

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Published Dec 11, 2025

https://bugzilla.redhat.com/show_bug.cgi?id=2419369

CVSS ScoreMedium

6.1


conda	free/util-linux	2.21
conda	main/util-linux-ng-cos6-x86_64	2.17.2
conda	msys2/m2-util-linux	2.26.2

Ecosystem	Package	Version


conda	free/util-linux	2.21
conda	main/util-linux-ng-cos6-x86_64	2.17.2
conda	msys2/m2-util-linux	2.26.2

Find vulnerabilities. Fix fast with AI.

CVE-2025-14104

CVE-2025-14104