Published: 22/12/2023 Updated: 18/02/2024

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 0

Sudo prior to 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sudo project sudo

Sudo before 1915 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit (CVE-2023-42465) ...

NVD-CWE-noinfo https://www.sudo.ws/releases/changelog/https://www.openwall.com/lists/oss-security/2023/12/21/9 https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f https://arxiv.org/abs/2309.02545 https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 https://security.gentoo.org/glsa/202401-29 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/https://security.netapp.com/advisory/ntap-20240208-0002/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2024-2447.html

CVE-2023-42465

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect