{"id":"CVE-2023-29383","details":"In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.","modified":"2026-04-12T03:51:12.970773Z","published":"2023-04-14T22:15:07.680Z","related":["SUSE-SU-2023:2066-1","SUSE-SU-2023:2067-1","SUSE-SU-2023:2068-1","SUSE-SU-2023:2069-1","SUSE-SU-2023:2070-1","SUSE-SU-2024:0939-1","SUSE-SU-2024:1007-1","SUSE-SU-2024:1007-2","openSUSE-SU-2024:12881-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html"},{"type":"REPORT","url":"https://github.com/shadow-maint/shadow/pull/687"},{"type":"FIX","url":"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d"},{"type":"EVIDENCE","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/"},{"type":"EVIDENCE","url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/shadow-maint/shadow","events":[{"introduced":"0"},{"last_affected":"24b44b686ea2221405cfd806dede046cf1fd9584"},{"fixed":"e5905c4b84d4fb90aefcd96ee618411ebfac663d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.13"}]}}],"versions":["4.10","4.12","4.12.1","4.12.2","4.13","4.2.1","4.3.0","4.3.1","4.4","4.5","4.6","4.7","4.8","4.8.1","4.9","v4.10","v4.11.1","v4.9"],"database_specific":{"vanir_signatures_modified":"2026-04-12T03:51:12Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29383.json","vanir_signatures":[{"digest":{"function_hash":"142102838643998942698676818725186990633","length":385},"deprecated":false,"target":{"file":"lib/fields.c","function":"valid_field"},"source":"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d","signature_version":"v1","signature_type":"Function","id":"CVE-2023-29383-42928cd8"},{"digest":{"threshold":0.9,"line_hashes":["49627020730002805229845557872729510581","302083583822194530407730894214928458707","101401909675513743295097790209324971142","130114865874619688031808491230159968889","49885016258888287298503419801975734582","30181199454884574248963891449059086028","106742429399750711901350404409613644568","126847032506265635540185127431224144619","61834813723290544951875996927102114812"]},"deprecated":false,"target":{"file":"lib/fields.c"},"source":"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d","signature_version":"v1","signature_type":"Line","id":"CVE-2023-29383-aaf57df7"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}