24 matches found
CVE-2021-3156
CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...
CVE-2023-22809
CVE-2023-22809 affects sudo prior to 1.9.12p2, where the sudoedit (-e) feature mishandles extra arguments passed via environment variables SUDO_EDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process, enabling privilege escalation. The ...
CVE-2019-14287
CVE-2019-14287 affects sudo before 1.8.28. An attacker with a Runas ALL sudoer account can bypass policy blacklists and session PAM modules and cause incorrect logging by invoking sudo with a crafted user ID (example: sudo -u $((0xffffffff))). This corresponds to a local privilege-escalation flaw...
CVE-2025-32463
CVE-2025-32463 affects the sudo utility prior to 1.9.17p1. The vulnerability arises when /etc/nsswitch.conf is sourced from a user-controlled directory via the --chroot option, enabling local users to obtain root access. Connected sources also describe related behavior where a sudoers entry that ...
CVE-2019-18634
CVE-2019-18634 describes a stack-based buffer overflow in sudo when pwfeedback is enabled in /etc/sudoers. The issue is exploitable locally and affects versions prior to the upstream fix. Connected sources specify that upstream remediation occurs in sudo 1.8.31 (Arch Linux ASA-202002-2 notes fix ...
CVE-2021-23239
The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...
CVE-2021-23240
CVE-2021-23240 affects sudoedit in sudo prior to 1.9.5. An unprivileged local user can replace a temporary file with a symlink to an arbitrary target, enabling a file-ownership escalation attack. Impact is described for SELinux RBAC environments in permissive mode; machines without SELinux are no...
CVE-2017-1000368
CVE-2017-1000368 affects Todd Miller’s sudo prior to 1.8.20p1 and earlier, due to input validation in get_process_ttyname() that parses /proc data. This can enable information disclosure and command execution via a local user with sudo privileges. Connected advisories show multiple distributions ...
CVE-2016-7076
CVE-2016-7076 affects the sudo utility prior to version 1.8.18p1. The root cause is a bypass of the noexec restriction when a user-supplied argument is passed to the C library function wordexp() during execution via sudo, enabling a local user to run an application with noexec and potentially exe...
CVE-2017-1000367
CVE-2017-1000367 affects sudo versions up to and including 1.8.20, due to input validation issues in get_process_ttyname() that incorrectly parsed tty information from /proc, enabling information disclosure and local privilege escalation. The issue is tied to parsing tty data from the...
CVE-2023-42465
Technical details about CVE-2023-42465 are not publicly available in the provided connected documents. The CVE is referenced in advisories, but no concrete affected products, root cause, exploit vectors, or fixes are detailed here. Monitor for updates.
CVE-2014-9680
CVE-2014-9680: sudo before 1.8.12 fails to sanitize the TZ environment variable, allowing a local attacker to bypass restrictions and potentially cause a denial of service or read/open unauthorized files via a sudo session. Connected advisories/docs corroborate local-execution impact and recomme...
CVE-2025-32462
CVE-2025-32462 affects sudo prior to 1.9.17p1. When used with a sudoers entry that specifies a host that is neither the current host nor ALL, listed users can execute commands on unintended machines. The Astra Linux bulletin reiterates this description. Connected advisories indicate a patched version is ...
CVE-2023-27320
CVE-2023-27320 affects sudo and is caused by a double-free in the per-command chroot feature. Public advisories indicate affected versions include sudo before 1.9.13p2 (and related subversions such as 1.9.12p2‑1 in some advisories) with fixes in newer releases. Affected platforms include Linux di...
CVE-2023-28486
CVE-2023-28486 affects the sudo utility; the affected component is sudo prior to version 1.9.13, which does not escape control characters in log messages. Multiple connected advisories confirm the issue and subsequent fixes across distributions (e.g., Debian LTS advisory DLA-4472-1 for sudo 1.9.5...
CVE-2022-43995
CVE-2022-43995 affects the sudo package, versions 1.8.0 through 1.9.12 with the crypt() password backend. The root cause is a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can cause a heap-based buffer over-read. It can be triggered by arbitrary local users who have access to sudo ...
CVE-2023-28487
CVE-2023-28487 affects sudo up to version 1.9.13, where sudoreplay output does not escape control characters. This can enable manipulation of terminal output when viewed. Public details in connected advisories indicate fixes implemented in 1.9.13 and newer across multiple distributions (Debian, A...
CVE-2015-5602
CVE-2015-5602 affects the sudo tool: sudoedit in sudo before 1.8.15 allows local privilege escalation via a symlink attack when file paths in /etc/sudoers involve wildcards (e.g., /home/*/*/file.txt). The root cause is improper path checking for wildcard-expanded edits, enabling a local user to in...
CVE-2005-4890
The CVE-2005-4890 entry describes a local vulnerability where tty hijacking is possible in shadow 4.x (before 4.1.5) and sudo 1.x (before 1.7.4) via the command path "su - user -c program". An attacker can use the TIOCSTI ioctl to inject characters into the input buffer, allowing the user session to...
CVE-2023-7090
CVE-2023-7090 describes a flaw in sudo where ipa_hostname from /etc/sssd/sssd.conf is not propagated, causing privilege mismanagement where client hosts may retain privileges after withdrawal. The issue is confirmed across multiple advisories (e.g., EulerOS sudo advisories) and is associated with...
CVE-2002-0184
The CVE-2002-0184 entry describes a local privilege-escalation in sudo prior to version 1.6.6 due to an off-by-one error that results in a heap-based overflow during prompt (-p) handling. The flaw is triggered by special characters in the -p prompt, which are not properly expanded, allowing a local use...
CVE-2019-18684
CVE-2019-18684 affects sudo up to version 1.8.29. A race condition between uid determination and the setresuid/openat calls can allow a local attacker with write access to the sudo process’s file descriptor 3 to inject a payload (e.g., "ALL ALL=(ALL) NOPASSWD:ALL") while password prompting, poten...
CVE-2015-8239
The CVE-2015-8239 issue affects the sudoers plugin in sudo versions after 1.8.7. The root cause is the SHA-2 digest support in the sudoers plugin, which allows local users with write permissions to parts of the called command to replace them before execution. Reported impacts indicate that a loca...
CVE-2026-35535
CVE-2026-35535 affects Sudo up to 1.9.17p2, before the patch identified as 3e474c2. A failure in a setuid/setgid/setgroups call during privilege drop prior to invoking the mailer is not fatal and can lead to local privilege escalation. The vulnerability is restricted to local attackers with exist...