
CVE-2021-3156

Description

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.


Affected Software


CPE Name | Name | Version
sudo_project:sudo | sudo project sudo | 1.9.5
sudo_project:sudo | sudo project sudo | 1.9.5
sudo_project:sudo | sudo project sudo | 1.9.5
sudo_project:sudo | sudo project sudo | 1.8.32
fedoraproject:fedora | fedoraproject fedora | 32
fedoraproject:fedora | fedoraproject fedora | 33
debian:debian_linux | debian debian linux | 9.0
debian:debian_linux | debian debian linux | 10.0
netapp:solidfire | netapp solidfire | -
netapp:hci_management_node | netapp hci management node | -
netapp:oncommand_unified_manager_core_package | netapp oncommand unified manager core package | -
mcafee:web_gateway | mcafee web gateway | 8.2.17
mcafee:web_gateway | mcafee web gateway | 9.2.8
mcafee:web_gateway | mcafee web gateway | 10.0.4
synology:diskstation_manager | synology diskstation manager | 6.2
synology:diskstation_manager_unified_controller | synology diskstation manager unified controller | 3.0
synology:skynas_firmware | synology skynas firmware | -
synology:vs960hd_firmware | synology vs960hd firmware | -
beyondtrust:privilege_management_for_mac | beyondtrust privilege management for mac | 21.1.1
beyondtrust:privilege_management_for_unix\/linux | beyondtrust privilege management for unix/linux | 10.3.2-10
oracle:micros_compact_workstation_3_firmware | oracle micros compact workstation 3 firmware | 310
oracle:micros_es400_firmware | oracle micros es400 firmware | 410
oracle:micros_kitchen_display_system_firmware | oracle micros kitchen display system firmware | 210
oracle:micros_workstation_5a_firmware | oracle micros workstation 5a firmware | 5a
oracle:micros_workstation_6_firmware | oracle micros workstation 6 firmware | 655
oracle:tekelec_platform_distribution | oracle tekelec platform distribution | 7.7.1
oracle:communications_performance_intelligence_center | oracle communications performance intelligence center | 10.4.0.3.1
oracle:communications_performance_intelligence_center | oracle communications performance intelligence center | 10.3.0.2.1

Related