CVE-2023-27320

Опубликовано: 28 фев. 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

Ссылки

http://www.openwall.com/lists/oss-security/2023/03/01/8
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/
https://security.gentoo.org/glsa/202309-12
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230413-0009/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/02/28/1
Exploit
Mailing List
Third Party Advisory
https://www.sudo.ws/releases/stable/#1.9.13p2
Release Notes
http://www.openwall.com/lists/oss-security/2023/03/01/8
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/
https://security.gentoo.org/glsa/202309-12
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230413-0009/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/02/28/1
Exploit
Mailing List
Third Party Advisory
https://www.sudo.ws/releases/stable/#1.9.13p2
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*

Версия от 1.9.8 (включая) до 1.9.13 (исключая)

cpe:2.3:a:sudo_project:sudo:1.9.13:-:*:*:*:*:*:*

cpe:2.3:a:sudo_project:sudo:1.9.13:p1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00181

Низкий

7.2 High

CVSS3

Дефекты

CWE-415

Связанные уязвимости

CVE-2023-27320

CVSS3: 7.2

ubuntu

почти 3 года назад

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

CVE-2023-27320

CVSS3: 6.4

redhat

почти 3 года назад

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

CVE-2023-27320

CVSS3: 7.2

msrc

почти 3 года назад

Описание отсутствует

CVE-2023-27320

CVSS3: 7.2

debian

почти 3 года назад

Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...

GHSA-w8wp-rv4w-h5pp

CVSS3: 7.2

github

почти 3 года назад

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

EPSS

Процентиль: 40%

0.00181

Низкий

7.2 High

CVSS3

Дефекты

CWE-415