cbcvebase.
CVE-2023-42465
published 2023-12-22

CVE-2023-42465: Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not…

high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Affected

5 ranges
VendorProductVersion rangeFixed in
debiansudo< sudo 1.9.15p2-2 (forky)sudo 1.9.15p2-2 (forky)
msrccbl2_sudo_1.9.15p5-1_on_cbl_mariner_2.0
sudo_projectsudo< 1.9.151.9.15
sudo_projectsudo>= 0 < 1.9.15p2-21.9.15p2-2
sudo_projectsudo>= 0 < 1.9.15p2-21.9.15p2-2

CVSS provenance

nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.0HIGH