CVE-2022-43995

Published: 02/11/2022 Updated: 06/12/2022
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Sudo 1.8.0 up to and including 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Vulnerable Product

sudo project sudo 1.9.12

sudo project sudo

Vendor Advisories

Description: The MITRE CVE dictionary describes this issue as: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters ...
ALAS-2023-289 Amazon Linux 2022 Security Advisory: ALAS-2023-289 Advisory Release Date: 2023-01-31 21:12 Pacific Advisory Updated Date: 2023-01-31 21:12 Pac ...