sudo-rs doesn't record authenticating user properly in timestamp

Summary When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

EUVD-2025-150364

sudo-rs doesn't record authenticating user properly in timestamp...

GHSA-Q428-6V73-FC4Q sudo-rs doesn't record authenticating user properly in timestamp

Summary When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the...

CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

UBUNTU-CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

CVE-2025-64517

sudo-rs (Rust implementation of sudo) is affected by CVE-2025-64517. Versions prior to 0.2.10 incorrectly recorded the invoking user’s UID in the authentication timestamp when Defaults targetpw/rootpw are enabled, which could allow a highly-privileged user to run commands as other accounts using ...

CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

[SECURITY] [DSA 6052-1] rust-sudo-rs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6052-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 11, 2025 https://www.debian.org/security/faq -...

USN-7867-1: sudo-rs vulnerabilities

It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations. It was discovered that sudo-rs incorrectly handled the targetpw and...