CVE search results

1 – 10 of 50 results

Detailed view

Sort by:

CVE-2023-7090

Medium priority

Not affected

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts...

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-42465

Medium priority

Not affected

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because...

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-42456

Medium priority

Not in release

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only...

1 affected package

rust-sudo-rs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rust-sudo-rs	—	Not in release	Not in release	Not in release	Not in release

CVE-2023-28487

Medium priority

Some fixes available 9 of 10

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2023-28486

Medium priority

Some fixes available 9 of 10

Sudo before 1.9.13 does not escape control characters in log messages.

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2023-27320

Medium priority

Fixed

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	—	Fixed	Not affected	Not affected	Not affected

CVE-2023-22809

Medium priority

Fixed

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the...

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	—	Fixed	Fixed	Fixed	Fixed

CVE-2022-43995

Medium priority

Not affected

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with...

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-33070

Medium priority

Some fixes available 8 of 73

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

9 affected packages

argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
argyll	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ccextractor	Needs evaluation	Needs evaluation	Needs evaluation	—	—
libgadu	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libpg-query	Needs evaluation	Needs evaluation	—	—	—
libsignal-protocol-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—
ocserv	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
pidgin	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
protobuf-c	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation
sudo	Not affected	Fixed	Not affected	Not affected	Not affected

CVE-2021-3156

High priority

Fixed

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

1 affected package

sudo

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
sudo	—	—	Fixed	Fixed	Fixed

Export to JSON

Results by page:

Search CVE reports