CVE-2023-27320

CWE-415 | 8 documents | 8 sources
Severity: 7.2 HIGH
EPSS: 0.2% (top 56.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28 | Latest update Mar 2

Description

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

NVD | sudo_project/sudo | 1.9.8 | 1.9.13 | +1
Debian | sudo | < 1.9.13p3-1 | +2

Also affects: Fedora 36, 37, 38

🔴 Vulnerability Details (3)

GHSA | GHSA-w8wp-rv4w-h5pp: Sudo before 1 | 2023-02-28
CVEList | CVE-2023-27320: Sudo before 1 | 2023-02-28
OSV | CVE-2023-27320: Sudo before 1 | 2023-02-28

📋 Vendor Advisories (4)

Ubuntu | Sudo vulnerability | 2023-03-02
Red Hat | sudo: double free with per-command chroot sudoers rules | 2023-02-28
Microsoft | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 2023-02-14
Debian | CVE-2023-27320: sudo - Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 2023