Description
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
Release | Status | Note |
---|---|---|
bionic | not-affected | code not compiled |
devel | not-affected | code not compiled |
esm-infra-legacy/trusty | not-affected | code not compiled |
esm-infra/bionic | not-affected | code not compiled |
esm-infra/focal | not-affected | code not compiled |
esm-infra/xenial | not-affected | code not compiled |
focal | not-affected | code not compiled |
jammy | not-affected | code not compiled |
kinetic | not-affected | code not compiled |
trusty | ignored | end of standard support |
EPSS
CVSS3: 7.1 High