Heap Buffer Overread Vulnerability in util-linux by Red Hat
CVE-2025-14104
6.1MEDIUM
Key Information:
- Vendor
Util-linux
- Vendor
- CVE Published:
- 5 December 2025
What is CVE-2025-14104?
A vulnerability exists in the util-linux package, specifically within the setpwnam() function. This flaw allows for a heap buffer overread when processing usernames that are 256 bytes long. It affects the SUID (Set User ID) login-utils utilities that interact with the password database, potentially exposing sensitive information and posing a risk to system integrity.
Affected Version(s)
Red Hat Ceph Storage 7 1770632724
Red Hat Ceph Storage 8 1770630907
Red Hat Ceph Storage 9 1771816028
