
CVE-2023-42465 – sudo: Targeted Corruption of Register and Stack Variables
https://notcve.org/view.php?id=CVE-2023-42465
22 Dec 2023 — Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. • https://arxiv.org/abs/2309.02545 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •

CVE-2023-27320 – Gentoo Linux Security Advisory 202309-12
https://notcve.org/view.php?id=CVE-2023-27320
28 Feb 2023 — Sudo before 1.9.13p2 has a double free in the per-command chroot feature. It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges. • http://www.openwall.com/lists/oss-security/2023/03/01/8 • CWE-415: Double Free •