How severe is CVE-2023-29383?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2023-29383?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2023-29383 - LOW Severity | CVSS 3.3

Vulnerability Description

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Related Vulnerabilities

CVE-2022-29816

LOW

CVSS:3.2(Low)

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

CWE-742022

CVE-2025-46814

LOW

CVSS:3.4(Low)

FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in ve...

CWE-742025

CVE-2015-7466

LOW

CVSS:3.1(Low)

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass inte...

CWE-742015

CVE-2016-8720

LOW

CVSS:3.1(Low)

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can in...

CWE-742016

CVE-2019-1010310

LOW

CVSS:3.5(Low)

GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users...

CWE-742019

CVE-2019-11275

LOW

CVSS:3.5(Low)

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior ...

CWE-742019