CVE-2023-42465
sudo: Targeted Corruption of Register and Stack Variables
Public Exploits: 1
Exploited in Wild: -
Descriptions
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may allow the attacker to authenticate as the root user.
Timeline
- 2023-09-11 CVE Reserved
- 2023-12-22 CVE Published
- 2024-01-04 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
CWE
- CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)
References (11)
URL | Tag | Source
---|---|---
https://arxiv.org/abs/2309.02545 | Technical Description |
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 | Release Notes |
https://security.netapp.com/advisory/ntap-20240208-0002 | |
https://www.sudo.ws/releases/changelog | Release Notes |

URL | Date | SRC
---|---|---
https://www.openwall.com/lists/oss-security/2023/12/21/9 | 2024-08-02 |

URL | Date | SRC
---|---|---
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f | 2024-02-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Sudo Project | Sudo | < 1.9.15 | - | Affected