vulnerability
Red Hat: CVE-2020-13776: CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:H/Au:N/C:C/I:C/A:C) | Jun 3, 2020 | May 21, 2021 | Mar 27, 2026 |
Severity
6
CVSS
(AV:L/AC:H/Au:N/C:C/I:C/A:C)
Published
Jun 3, 2020
Added
May 21, 2021
Modified
Mar 27, 2026
Description
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Solutions
redhat-upgrade-systemdredhat-upgrade-systemd-containerredhat-upgrade-systemd-container-debuginforedhat-upgrade-systemd-debuginforedhat-upgrade-systemd-debugsourceredhat-upgrade-systemd-develredhat-upgrade-systemd-journal-remoteredhat-upgrade-systemd-journal-remote-debuginforedhat-upgrade-systemd-libsredhat-upgrade-systemd-libs-debuginforedhat-upgrade-systemd-pamredhat-upgrade-systemd-pam-debuginforedhat-upgrade-systemd-testsredhat-upgrade-systemd-tests-debuginforedhat-upgrade-systemd-udevredhat-upgrade-systemd-udev-debuginfo
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.