CVE-2023-42465

CWE-1319 | 7 documents | 7 sources
Severity
7.0 HIGH
EPSS
0.0%
top 99.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 22

Description

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (2 packages)

NVD: sudo_project/sudo < 1.9.15
Debian: sudo < 1.9.15p2-2+1

Patches

🔴 Vulnerability Details (3)

OSV
CVE-2023-42465: Sudo before 1 (2023-12-22)
CVEList
CVE-2023-42465: Sudo before 1 (2023-12-22)
GHSA
GHSA-62rj-gv2c-8ghr: Sudo before 1 (2023-12-22)

📋 Vendor Advisories (3)

Microsoft
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a (2023-12-12)
Red Hat
sudo: Targeted Corruption of Register and Stack Variables (2023-09-05)
Debian
CVE-2023-42465: sudo - Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or ... (2023)