PatchSiren

Shadow Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Shadow Project | CVE published 2017-02-17

CVE-2016-6252

CVE-2016-6252 is a local privilege-escalation issue in shadow 4.2.1 caused by an integer overflow (CWE-190) when processing crafted input to newuidmap. NVD rates the issue HIGH with a CVSS 3.0 score of 7.8. Administrators should confirm whether affected shadow packages are installed and apply the vendor or distribution fix.