CVE-2021-3156

Sudo Heap-Based Buffer Overflow Vulnerability

  • Severity Score: 7.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 56 (Multiple Sources)
  • Exploited in Wild: Yes (KEV)
  • Decision: - (SSVC)
Descriptions

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Sudo versions prior to 1.9.5p2 contain an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-01-15 CVE Reserved
  • 2021-01-26 CVE Published
  • 2021-01-26 First Exploit
  • 2022-04-06 Exploited in Wild
  • 2022-04-27 KEV Due Date
  • 2024-09-18 CVE Updated
  • 2024-10-28 EPSS Updated
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-193: Off-by-one Error
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Synology | Skynas Firmware | - | - | Affected
in Synology | Skynas | - | - | Safe
Synology | Vs960hd Firmware | - | - | Affected
in Synology | Vs960hd | - | - | Safe
Oracle | Micros Compact Workstation 3 Firmware | 310 | - | Affected
in Oracle | Micros Compact Workstation 3 | - | - | Safe
Oracle | Micros Es400 Firmware | >= 400 <= 410 | - | Affected
in Oracle | Micros Es400 | - | - | Safe
Oracle | Micros Kitchen Display System Firmware | 210 | - | Affected
in Oracle | Micros Kitchen Display System | - | - | Safe
Oracle | Micros Workstation 5a Firmware | 5a | - | Affected
in Oracle | Micros Workstation 5a | - | - | Safe
Oracle | Micros Workstation 6 Firmware | >= 610 <= 655 | - | Affected
in Oracle | Micros Workstation 6 | - | - | Safe
Sudo Project | Sudo | >= 1.8.2 < 1.8.32 | - | Affected
Sudo Project | Sudo | >= 1.9.0 < 1.9.5 | - | Affected
Sudo Project | Sudo | 1.9.5 | - | Affected
Sudo Project | Sudo | 1.9.5 | patch1 | Affected
Fedoraproject | Fedora | 32 | - | Affected
Fedoraproject | Fedora | 33 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected
Netapp | Active Iq Unified Manager | - | vmware_vsphere | Affected
Netapp | Cloud Backup | - | - | Affected
Netapp | Hci Management Node | - | - | Affected
Netapp | Oncommand Unified Manager Core Package | - | - | Affected
Netapp | Ontap Select Deploy Administration Utility | - | - | Affected
Netapp | Ontap Tools | 9 | vmware_vsphere | Affected
Netapp | Solidfire | - | - | Affected
Mcafee | Web Gateway | 8.2.17 | - | Affected
Mcafee | Web Gateway | 9.2.8 | - | Affected
Mcafee | Web Gateway | 10.0.4 | - | Affected
Synology | Diskstation Manager | 6.2 | - | Affected
Synology | Diskstation Manager Unified Controller | 3.0 | - | Affected
Beyondtrust | Privilege Management For Mac | < 21.1.1 | - | Affected
Beyondtrust | Privilege Management For Unix/linux | < 10.3.2-10 | basic | Affected
Oracle | Communications Performance Intelligence Center | >= 10.3.0.0.0 <= 10.3.0.2.1 | - | Affected
Oracle | Communications Performance Intelligence Center | >= 10.4.0.1.0 <= 10.4.0.3.1 | - | Affected
Oracle | Tekelec Platform Distribution | >= 7.4.0 <= 7.7.1 | - | Affected