CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42465 – sudo: Targeted Corruption of Register and Stack Variables
https://notcve.org/view.php?id=CVE-2023-42465
22 Dec 2023 — Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. Sudo anterior a 1.9.15 podría permitir row hammer attacks (para eludir la autenticación o escalar privilegios) porque la lógica de la aplicación a veces se basa en no igualar un valor de error (en lugar de igualar un valor de éxito) y ... • https://arxiv.org/abs/2309.02545 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28486 – sudo: Sudo does not escape control characters in log messages
https://notcve.org/view.php?id=CVE-2023-28486
16 Mar 2023 — Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16... • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28487 – sudo: Sudo does not escape control characters in sudoreplay output
https://notcve.org/view.php?id=CVE-2023-28487
16 Mar 2023 — Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege ... • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 54%CPEs: 8EXPL: 19CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
18 Jan 2023 — In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En S... • https://packetstorm.news/files/id/172509 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43995 – Gentoo Linux Security Advisory 202211-08
https://notcve.org/view.php?id=CVE-2022-43995
02 Nov 2022 — Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. Sudo 1.8.0 a 1.9.12, con el backend de contraseña crypt(), contiene un error de matriz fuera de límites plugins/sudoer... • https://bugzilla.redhat.com/show_bug.cgi?id=2139911 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 92%CPEs: 39EXPL: 95CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
26 Jan 2021 — Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo caráct... • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •