Sudo Security Vulnerabilities and Issues — Sudo CVE List

Lucene search

Sudo ProjectSudo

6 matches found

CVE•added 2023/01/18 5:15 p.m.•1137 views

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affect...

7.8CVSS7.7AI score0.50157EPSS

CVE•added 2023/12/22 4:15 p.m.•222 views

CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

7CVSS7.1AI score0.00004EPSS

CVE•added 2023/02/28 6:15 p.m.•150 views

CVE-2023-27320

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

7.2CVSS6.9AI score0.00149EPSS

CVE•added 2023/03/16 1:15 a.m.•125 views

CVE-2023-28486

Sudo before 1.9.13 does not escape control characters in log messages.

5.3CVSS5.4AI score0.00099EPSS

CVE•added 2023/03/16 1:15 a.m.•113 views

CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

5.3CVSS5.4AI score0.00099EPSS

CVE•added 2023/12/23 11:15 p.m.•76 views

CVE-2023-7090

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.

8.8CVSS7.3AI score0.0005EPSS