CVE-2023-28486

CWE-116 CWE-1179 documents8 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 66.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sudo Project Sudo

Timeline

PublishedMar 16

Latest updateMay 29

Description

Sudo before 1.9.13 does not escape control characters in log messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsudo_project/sudo< 1.9.13

▶Debiansudo< 1.9.5p2-3+deb11u3+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-pr34-r4f9-f5c6: Sudo before 1↗2023-03-16

▶

CVEList

CVE-2023-28486: Sudo before 1↗2023-03-16

▶

OSV

CVE-2023-28486: Sudo before 1↗2023-03-16

▶

📋Vendor Advisories

Ubuntu

Sudo vulnerabilities↗2023-05-29

▶

Ubuntu

Sudo vulnerabilities↗2023-04-11

▶

Red Hat

sudo: Sudo does not escape control characters in log messages↗2023-03-16

▶

Microsoft

Sudo before 1.9.13 does not escape control characters in log messages.↗2023-03-14

▶

Debian

CVE-2023-28486: sudo - Sudo before 1.9.13 does not escape control characters in log messages.↗2023

▶