CVE-2011-3149
EPSS 0.06%
Description
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle cases where environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).
How to fix CVE-2011-3149
To remediate CVE-2011-3149, upgrade the affected package to a fixed version listed below.
- Debian/pam: upgrade to 1.1.3-5 or later
Is CVE-2011-3149 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.3-5