DEBIAN-CVE-2020-13776

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-13776

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-13776.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-13776

Upstream

CVE-2020-13776

Published

2020-06-03T03:15:10Z

Modified

2025-09-19T06:06:04Z

Summary

[none]

Details

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

References

https://security-tracker.debian.org/tracker/CVE-2020-13776

Affected packages

Debian:11 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

246-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

246-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

246-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / systemd

Package

Name: systemd
Purl: pkg:deb/debian/systemd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

246-2

Ecosystem specific

{
    "urgency": "unimportant"
}