Search CVE reports
1 – 10 of 50 results
CVE-2023-7090
Medium priorityA flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts...
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-42465
Medium prioritySudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because...
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-42456
Medium priorityNot in release
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only...
1 affected packages
rust-sudo-rs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rust-sudo-rs | — | Not in release | Not in release | Not in release | Not in release |
CVE-2023-28487
Medium prioritySome fixes available 8 of 9
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-28486
Medium prioritySome fixes available 8 of 9
Sudo before 1.9.13 does not escape control characters in log messages.
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-27320
Medium prioritySudo before 1.9.13p2 has a double free in the per-command chroot feature.
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | — | Fixed | Not affected | Not affected | Not affected |
CVE-2023-22809
Medium priorityIn Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the...
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-43995
Medium prioritySudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with...
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-33070
Medium prioritySome fixes available 7 of 66
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
9 affected packages
argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libgadu | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libpg-query | Needs evaluation | Needs evaluation | — | — | — |
| libsignal-protocol-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ocserv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pidgin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| protobuf-c | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| sudo | Not affected | Fixed | Not affected | Not affected | Not affected |
CVE-2021-3156
High prioritySudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
1 affected packages
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| sudo | — | — | Fixed | Fixed | Fixed |