← Voltar para CVEs
CVE-2022-0563
MEDIUM5.5
Descricao
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Detalhes CVE
Pontuacao CVSS v3.15.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/21/2022
Ultima modificacao6/9/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
kernel:util-linuxnetapp:ontap_select_deploy_administration_utility
Fraquezas (CWE)
CWE-209CWE-209
Referencias
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u(secalert@redhat.com)
https://security.gentoo.org/glsa/202401-08(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220331-0002/(secalert@redhat.com)
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202401-08(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220331-0002/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.