Shodan
Vulnerabilities
Vulnerable Software
Sudo Project:  >> Sudo  >> 1.9.5  Security Vulnerabilities
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
CVSS Score
2.8
EPSS Score
0.005
Published
2025-06-30
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-12-22
CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-16
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-16
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVSS Score
7.8
EPSS Score
0.507
Published
2023-01-18
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-11-02
CVE-2021-3156
Known exploited
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS Score
7.8
EPSS Score
0.923
Published
2021-01-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved