CVE-2023-0634 Information

Description

An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command.

Reference

https://github.com/shadow-maint/shadow/pull/642 https://access.redhat.com/security/cve/CVE-2023-0634 https://bugzilla.redhat.com/show_bug.cgi?id=2166544 https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/