CVE-2012-0809
published 2012-02-01CVE-2012-0809: Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences…
high7.2CVSS 3.1
AVLACLAuNCCICAC
EXPLOIT
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.8.3p2-1 (bookworm) | sudo 1.8.3p2-1 (bookworm) |
| sudo_project | sudo | >= 0 < 1.8.3p2-1 | 1.8.3p2-1 |
| sudo_project | sudo | >= 0 < 1.8.3p2-1 | 1.8.3p2-1 |
| sudo_project | sudo | >= 0 < 1.8.3p2-1 | 1.8.3p2-1 |
| sudo_project | sudo | >= 0 < 1.8.3p2-1 | 1.8.3p2-1 |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH