Sudo Project: >> Sudo >> 1.8.21 Security Vulnerabilities
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
CVSS Score
2.8
EPSS Score
0.231
Published
2025-06-30
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
CVSS Score
6.6
EPSS Score
0.0
Published
2023-12-23
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-12-22
Sudo before 1.9.13 does not escape control characters in log messages.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-16
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-16
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVSS Score
7.8
EPSS Score
0.42
Published
2023-01-18
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-11-02
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Known exploited
CVSS Score
7.8
EPSS Score
0.925
Published
2021-01-26
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
CVSS Score
2.5
EPSS Score
0.0
Published
2021-01-12
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-01-12
Page 1