Fluid Attacks Database

Description

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	util-linux	=2.36.1-8 \|\| =2.36.1-8+deb11u1 \|\| =2.36.1-8+deb11u2 \|\| =2.37.2-1 \|\| =2.37.2-2 \|\| =2.37.2-3 \|\| =2.37.2-4 \|\| =2.37.2-5 \|\| =2.37.2-6 \|\| =2.37.3-1 \|\| =2.38-1 \|\| =2.38-2 \|\| =2.38-3 \|\| =2.38-4 \|\| =2.38-4+exp1 \|\| =2.38-4+exp2 \|\| =2.38-5 \|\| =2.38-5+exp1 \|\| =2.38-6 \|\| =2.38.1-1 \|\| =2.38.1-1.1 \|\| =2.38.1-2 \|\| =2.38.1-3 \|\| =2.38.1-4 \|\| =2.38.1-4+exp1 \|\| =2.38.1-5 \|\| =2.38.1-5+loong64 \|\| =2.38.1-6 \|\| =2.38~rc1-1 \|\| =2.38~rc2-1 \|\| =2.39.1-1 \|\| =2.39.1-2 \|\| =2.39.1-3 \|\| =2.39.1-4 \|\| =2.39.2-1 \|\| =2.39.2-2 \|\| =2.39.2-2.1 \|\| =2.39.2-2.2 \|\| =2.39.2-3 \|\| =2.39.2-4 \|\| =2.39.2-5 \|\| =2.39.2-6 \|\| =2.39.3-1 \|\| =2.39.3-10 \|\| =2.39.3-11 \|\| =2.39.3-2 \|\| =2.39.3-3 \|\| =2.39.3-4 \|\| =2.39.3-5 \|\| =2.39.3-6 \|\| =2.39.3-6.1 \|\| =2.39.3-6.1~exp1 \|\| =2.39.3-7 \|\| =2.39.3-8 \|\| =2.39.3-9 \|\| =2.40-1 \|\| =2.40-2 \|\| =2.40-3 \|\| =2.40-4 \|\| =2.40-5 \|\| =2.40-6 \|\| =2.40-7 \|\| =2.40-8 \|\| =2.40.1-1 \|\| =2.40.1-2 \|\| =2.40.1-3 \|\| =2.40.1-4 \|\| =2.40.1-4+hurd.1 \|\| =2.40.1-6 \|\| =2.40.1-7 \|\| =2.40.1-8 \|\| =2.40.1-8.1 \|\| =2.40.1-9 \|\| =2.40.2-1 \|\| =2.40.2-10 \|\| =2.40.2-11 \|\| =2.40.2-12 \|\| =2.40.2-12+hurd.1 \|\| =2.40.2-13 \|\| =2.40.2-14 \|\| =2.40.2-2 \|\| =2.40.2-3 \|\| =2.40.2-4 \|\| =2.40.2-5 \|\| =2.40.2-6 \|\| =2.40.2-7 \|\| =2.40.2-8 \|\| =2.40.2-9 \|\| =2.40.3-1 \|\| =2.40.4-1 \|\| =2.40.4-2 \|\| =2.40.4-3 \|\| =2.40.4-4 \|\| =2.40.4-5 \|\| =2.40~rc2-1 \|\| =2.40~rc2-2 \|\| =2.40~rc2-3 \|\| =2.40~rc2-4 \|\| =2.40~rc2-5 \|\| =2.40~rc2-6 \|\| =2.40~rc2-7 \|\| =2.40~rc2-8 \|\| =2.41-1 \|\| =2.41-2 \|\| =2.41-3 \|\| =2.41-4 \|\| =2.41-5 \|\| =2.41.1-1 \|\| =2.41.1-2 \|\| =2.41.1-3 \|\| =2.41.1-4 \|\| =2.41.2-1 \|\| =2.41.2-2 \|\| =2.41.2-3 \|\| =2.41.2-4 \|\| =2.41.3-1 \|\| =2.41.3-2 \|\| =2.41.3-3 \|\| =2.41.3-4 \|\| =2.41~rc1-1 \|\| =2.41~rc1-2 \|\| =2.41~rc2-1 \|\| =2.42-1 \|\| =2.42-2 \|\| =2.42-3 \|\| =2.42-4 \|\| =2.42-5 \|\| =2.42~rc1-1 \|\| =2.42~rc1-2 \|\| =2.42~rc1-3 \|\| =2.42~rc2-1	-
debian 14	util-linux	=2.41-5 \|\| =2.41.1-1 \|\| =2.41.1-2 \|\| =2.41.1-3 \|\| =2.41.1-4 \|\| =2.41.2-1 \|\| =2.41.2-2 \|\| =2.41.2-3 \|\| =2.41.2-4 \|\| >=0 <2.41.3-1	2.41.3-1
debian 12	util-linux	=2.38.1-5 \|\| =2.38.1-5+deb12u1 \|\| =2.38.1-5+deb12u2 \|\| =2.38.1-5+deb12u3 \|\| =2.38.1-5+loong64 \|\| =2.38.1-6 \|\| =2.39.1-1 \|\| =2.39.1-2 \|\| =2.39.1-3 \|\| =2.39.1-4 \|\| =2.39.2-1 \|\| =2.39.2-2 \|\| =2.39.2-2.1 \|\| =2.39.2-2.2 \|\| =2.39.2-3 \|\| =2.39.2-4 \|\| =2.39.2-5 \|\| =2.39.2-6 \|\| =2.39.3-1 \|\| =2.39.3-10 \|\| =2.39.3-11 \|\| =2.39.3-2 \|\| =2.39.3-3 \|\| =2.39.3-4 \|\| =2.39.3-5 \|\| =2.39.3-6 \|\| =2.39.3-6.1 \|\| =2.39.3-6.1~exp1 \|\| =2.39.3-7 \|\| =2.39.3-8 \|\| =2.39.3-9 \|\| =2.40-1 \|\| =2.40-2 \|\| =2.40-3 \|\| =2.40-4 \|\| =2.40-5 \|\| =2.40-6 \|\| =2.40-7 \|\| =2.40-8 \|\| =2.40.1-1 \|\| =2.40.1-2 \|\| =2.40.1-3 \|\| =2.40.1-4 \|\| =2.40.1-4+hurd.1 \|\| =2.40.1-6 \|\| =2.40.1-7 \|\| =2.40.1-8 \|\| =2.40.1-8.1 \|\| =2.40.1-9 \|\| =2.40.2-1 \|\| =2.40.2-10 \|\| =2.40.2-11 \|\| =2.40.2-12 \|\| =2.40.2-12+hurd.1 \|\| =2.40.2-13 \|\| =2.40.2-14 \|\| =2.40.2-2 \|\| =2.40.2-3 \|\| =2.40.2-4 \|\| =2.40.2-5 \|\| =2.40.2-6 \|\| =2.40.2-7 \|\| =2.40.2-8 \|\| =2.40.2-9 \|\| =2.40.3-1 \|\| =2.40.4-1 \|\| =2.40.4-2 \|\| =2.40.4-3 \|\| =2.40.4-4 \|\| =2.40.4-5 \|\| =2.40~rc2-1 \|\| =2.40~rc2-2 \|\| =2.40~rc2-3 \|\| =2.40~rc2-4 \|\| =2.40~rc2-5 \|\| =2.40~rc2-6 \|\| =2.40~rc2-7 \|\| =2.40~rc2-8 \|\| =2.41-1 \|\| =2.41-2 \|\| =2.41-3 \|\| =2.41-4 \|\| =2.41-5 \|\| =2.41.1-1 \|\| =2.41.1-2 \|\| =2.41.1-3 \|\| =2.41.1-4 \|\| =2.41.2-1 \|\| =2.41.2-2 \|\| =2.41.2-3 \|\| =2.41.2-4 \|\| =2.41.3-1 \|\| =2.41.3-2 \|\| =2.41.3-3 \|\| =2.41.3-4 \|\| =2.41~rc1-1 \|\| =2.41~rc1-2 \|\| =2.41~rc2-1 \|\| =2.42-1 \|\| =2.42-2 \|\| =2.42-3 \|\| =2.42-4 \|\| =2.42-5 \|\| =2.42~rc1-1 \|\| =2.42~rc1-2 \|\| =2.42~rc1-3 \|\| =2.42~rc2-1	-
debian 13	util-linux	=2.41-5 \|\| =2.41.1-1 \|\| =2.41.1-2 \|\| =2.41.1-3 \|\| =2.41.1-4 \|\| =2.41.2-1 \|\| =2.41.2-2 \|\| =2.41.2-3 \|\| =2.41.2-4 \|\| =2.41.3-1 \|\| =2.41.3-2 \|\| =2.41.3-3 \|\| =2.41.3-4 \|\| =2.42-1 \|\| =2.42-2 \|\| =2.42-3 \|\| =2.42-4 \|\| =2.42-5 \|\| =2.42~rc1-1 \|\| =2.42~rc1-2 \|\| =2.42~rc1-3 \|\| =2.42~rc2-1	-
rpm rhel9	util-linux	<0:2.37.4-21.el9_7	0:2.37.4-21.el9_7
rpm rhel10	util-linux	<0:2.40.2-15.el10_1	0:2.40.2-15.el10_1
rpm rhel8	util-linux	<0:2.32.1-48.el8_10	0:2.32.1-48.el8_10
rpm rhel6	util-linux-ng	-	-
rpm rhel7	util-linux	-	-

Aliases

1. CVE-2025-141042. NVD-2025-141043. OSV-DEBIAN-2025-141044. OSV-2025-141045. SECURITY-TRACKER-CVE-2025-14104

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.