{"uuid": "d3d25626-938d-4de2-bd10-33d25c9fdf2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24031", "type": "seen", "source": "https://t.me/cvedetector/17573", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-24031 - Apache PAM-PKCS#11 X509 Certificate PIN Input Vulnerability (Segmentation Fault)\", \n  \"Content\": \"CVE ID : CVE-2025-24031 \nPublished : Feb. 10, 2025, 4:15 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate-based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-10T18:45:48.000000Z"}