CVE-2022-43995

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-10-28 CVE Reserved
  • 2022-11-02 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor        Product   Version              Other   Status
Sudo Project  Sudo      >= 1.8.0 < 1.9.12    -       Affected
Sudo Project  Sudo      1.9.12               -       Affected