CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
Low
Software: sudo 1.8.29
OS: ROSA Virtualization 2.1
package_evr_string: sudo-1.8.29
CVE-ID: CVE-2022-43995
BDU-ID: 2022-06664
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the implementation of the crypt() function of the Sudo system administration program is related to the ability to read outside of the buffer in memory when processing the plugins/sudoers/auth/passwd.c file. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Not Relevant
CVE-REV: