Lucene search

10 matches found

added 2019/10/17 5:3 p.m. | 678 views

CVE-2019-14287

CVE-2019-14287 affects sudo before 1.8.28. An attacker with a Runas ALL sudoer account can bypass policy blacklists and session PAM modules and cause incorrect logging by invoking sudo with a crafted user ID (example: sudo -u $((0xffffffff))). This corresponds to a local privilege-escalation flaw...

CVSS: 9 | AI score: 8.7 | EPSS: 0.85814

added 2021/01/12 12:0 a.m. | 371 views

CVE-2021-23239

The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...

CVSS: 2.5 | AI score: 5.5 | EPSS: 0.00094

added 2021/01/12 8:17 a.m. | 315 views

CVE-2021-23240

CVE-2021-23240 affects sudoedit in sudo prior to 1.9.5. An unprivileged local user can replace a temporary file with a symlink to an arbitrary target, enabling a file-ownership escalation attack. Impact is described for SELinux RBAC environments in permissive mode; machines without SELinux are no...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00208

added 2023/12/22 12:0 a.m. | 273 views

CVE-2023-42465

Technical details about CVE-2023-42465 are not publicly available in the provided connected documents. The CVE is referenced in advisories, but no concrete affected products, root cause, exploit vectors, or fixes are detailed here. Monitor for updates.

CVSS: 7 | AI score: 7.1 | EPSS: 0.00004

added 2025/06/30 12:0 a.m. | 204 views

CVE-2025-32462

CVE-2025-32462 affects sudo prior to 1.9.17p1. When used with a sudoers entry that specifies a host that is neither the current host nor ALL, listed users can execute commands on unintended machines. The Astra Linux bulletin reiterates this description. Connected advisories indicate a patched version is ...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.57345

added 2023/03/16 12:0 a.m. | 169 views

CVE-2023-28486

CVE-2023-28486 affects sudo prior to version 1.9.13, which does not escape control characters in log messages. Multiple connected advisories confirm the issue and subsequent fixes across distributions (e.g., Debian LTS advisory DLA-4472-1 for sudo 1.9.5...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00136

added 2023/03/16 12:0 a.m. | 157 views

CVE-2023-28487

CVE-2023-28487 affects sudo up to version 1.9.13, where sudoreplay output does not escape control characters. This can enable manipulation of terminal output when viewed. Public details in connected advisories indicate fixes implemented in 1.9.13 and newer across multiple distributions (Debian, A...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.00136

added 2023/12/23 10:33 p.m. | 93 views

CVE-2023-7090

CVE-2023-7090 describes a flaw in sudo where ipa_hostname from /etc/sssd/sssd.conf is not propagated, causing privilege mismanagement where client hosts may retain privileges after withdrawal. The issue is confirmed across multiple advisories (e.g., EulerOS sudo advisories) and is associated with...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00082

added 2003/04/02 5:0 a.m. | 84 views

CVE-2002-0184

The CVE-2002-0184 entry describes a local privilege-escalation in sudo prior to version 1.6.6 due to an off-by-one/doorknob in the heap-based overflow during prompt (-p) handling. The flaw is triggered by special characters in the -p prompt, which are not properly expanded, allowing a local use...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00212

added 2026/04/03 2:21 a.m. | 47 views

CVE-2026-35535

CVE-2026-35535 affects Sudo up to 1.9.17p2, before the patch identified as 3e474c2. A failure in a setuid/setgid/setgroups call during privilege drop prior to invoking the mailer is not fatal and can lead to local privilege escalation. The vulnerability is restricted to local attackers with exist...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00006