Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-18634

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow14 documents10 sources
Severity
7.8HIGH
EPSS
87.5%
top 0.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Sudo Project SudoDebian Debian Linux
Timeline
PublishedJan 29
Latest updateMay 24

Description

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsudo_project/sudo1.7.11.8.26
Debiansudo< 1.8.31-1+3

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-rjv5-9w4p-4jrw: In Sudo through 12022-05-24
OSV
CVE-2019-18634: In Sudo before 12020-01-29
CVEList
CVE-2019-18634: In Sudo before 12020-01-29

💥Exploits & PoCs

2
Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow2020-02-06
Exploit-DB
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)2020-02-04

📋Vendor Advisories

4
Ubuntu
Sudo vulnerability2020-02-05
Ubuntu
Sudo vulnerability2020-02-03
Red Hat
sudo: Stack based buffer overflow when pwfeedback is enabled2020-01-30
Debian
CVE-2019-18634: sudo - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigg...2019

📄Research Papers

1
CTF
Easy / sudovulnsbof

💬Community

3
Bugzilla
CVE-2019-18634 sudo: Stack based buffer overflow when pwfeedback is enabled [fedora-all]2020-02-05
Bugzilla
CVE-2019-18634 sudo: Stack based buffer overflow in when pwfeedback is enabled [fedora-all]2020-01-31
Bugzilla
CVE-2019-18634 sudo: Stack based buffer overflow when pwfeedback is enabled2020-01-31
CVE-2019-18634 (HIGH CVSS 7.8) | In Sudo before 1.8.26 | cvebase.io