CVE-2021-3156
published 2021-01-26
high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-04-27
Exploited in the wild
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Affected
35 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beyondtrust | privilege_management_for_mac | < 21.1.1 | 21.1.1 |
| beyondtrust | privilege_management_for_unix_linux | < 10.3.2-10 | 10.3.2-10 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | sudo | < sudo 1.9.5p1-1.1 (bookworm) | sudo 1.9.5p1-1.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mcafee | web_gateway | — | — |
| mcafee | web_gateway | — | — |
| mcafee | web_gateway | — | — |
| netapp | ontap_tools | — | — |
| oracle | communications_performance_intelligence_center | 10.3.0.0.0 – 10.3.0.2.1 | — |
| oracle | communications_performance_intelligence_center | 10.4.0.1.0 – 10.4.0.3.1 | — |
| oracle | micros_compact_workstation_3_firmware | — | — |
| oracle | micros_es400_firmware | 400 – 410 | — |
| oracle | micros_kitchen_display_system_firmware | — | — |
| oracle | micros_workstation_5a_firmware | — | — |
| oracle | micros_workstation_6_firmware | 610 – 655 | — |
| oracle | tekelec_platform_distribution | 7.4.0 – 7.7.1 | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_cloud_compute | — | — |
| paloalto | prisma_sd-wan | — | — |
| sudo_project | sudo | — | — |
| sudo_project | sudo | >= 0 < 1.9.5p1-1.1 | 1.9.5p1-1.1 |
| sudo_project | sudo | >= 0 < 1.9.5p1-1.1 | 1.9.5p1-1.1 |
CVSS provenance
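| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |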