Lucene search

[email protected]NVD:CVE-2023-27320

HistoryFeb 28, 2023 - 6:15 p.m.

CVE-2023-27320

2023-02-2818:15:10

CWE-415

[email protected]

web.nvd.nist.gov

sudo vulnerability

double free

per-command chroot

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

JSON

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

Affected configurations

NVD

Node

sudo_projectsudoRange1.9.8–1.9.13

sudo_projectsudoMatch1.9.13-

sudo_projectsudoMatch1.9.13p1

Node

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

References

www.openwall.com/lists/oss-security/2023/03/01/8

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/

security.gentoo.org/glsa/202309-12

security.netapp.com/advisory/ntap-20230413-0009/

www.openwall.com/lists/oss-security/2023/02/28/1

www.sudo.ws/releases/stable/#1.9.13p2

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

JSON

Related for NVD:CVE-2023-27320

nessus14 openvas8 redhatcve1 fedora3 ubuntucve1 cvelist1 ubuntu1 debiancve1 alpinelinux1 cbl_mariner2 cloudfoundry1 osv2 cve1 veracode1 prion1 gentoo1 photon1