Lucene search

K
osvGoogleOSV:USN-4705-1
HistoryJan 26, 2021 - 6:48 p.m.

sudo vulnerabilities

2021-01-2618:48:16
Google
osv.dev
16
sudo
vulnerabilities
memory handling
directory permissions
local attacker
administrator account
cve-2021-3156
cve-2021-23239
software

AI Score

7.8

Confidence

High

EPSS

0.96

Percentile

99.5%

It was discovered that Sudo incorrectly handled memory when parsing command
lines. A local attacker could possibly use this issue to obtain unintended
access to the administrator account. (CVE-2021-3156)

It was discovered that the Sudo sudoedit utility incorrectly handled
checking directory permissions. A local attacker could possibly use this
issue to bypass file permissions and determine if a directory exists or
not. (CVE-2021-23239)