Feb 02, 2021 - 12:00 a.m.

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

us-cert.cisa.gov

EPSS: 0.958 (percentile 99.5%)

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to update to sudo version 1.9.5p2, refer to vendors for available patches, and review the following resources for additional information.
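A version triage for the ranges named above, as an added example that is not part of the CISA advisory or the sudo project's code. It assumes each input is the first line of `sudo -V` output; the host names and sample inventory are constructed. It compares upstream version strings only, so a vendor package with a backported fix can still report a version inside the range and must be confirmed against the vendor's own advisory.

```python
import re

# Affected upstream ranges exactly as the advisory states them (inclusive).
AFFECTED_RANGES = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

# major.minor[.micro][pN], e.g. "1.8.31p2" or "1.9.0"
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, patchlevel) from text such as
    'Sudo version 1.8.31p2'. A missing micro or 'pN' part counts as 0,
    so 1.9.5 sorts before 1.9.5p1."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def is_affected(text):
    """True if the upstream version falls inside an advisory range."""
    version = parse_version(text)
    return any(
        parse_version(low) <= version <= parse_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage(inventory):
    """Map host -> verdict for {host: first line of `sudo -V`}."""
    report = {}
    for host, line in inventory.items():
        try:
            hit = is_affected(line)
        except ValueError:
            report[host] = "unparsed"  # sudo missing or unexpected output
            continue
        report[host] = "in affected range" if hit else "outside affected range"
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = {
    "web01": "Sudo version 1.8.31p2",
    "db01": "Sudo version 1.9.5p2",
    "old01": "Sudo version 1.8.1p2",
    "ci01": "sudo: command not found",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Hosts reported as "in affected range" are candidates for the update to 1.9.5p2 or the vendor patch; "unparsed" hosts need a manual look.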
