cbcvebase.

Sudo Project Sudo vulnerabilities

48 known vulnerabilities affecting sudo_project/sudo.

Total CVEs
48
CISA KEV
2
actively exploited
Public exploits
13
Exploited in wild
4
Severity breakdown
HIGH26MEDIUM17LOW5

Vulnerabilities

Page 1 of 3
CVE-2021-3156P1HIGHCVSS 7.8KEVPoC≥ 1.8.2, < 1.8.32≥ 1.9.0, < 1.9.5+1 more2021-01-26
CVE-2021-3156 [HIGH] CWE-193 CVE-2021-3156: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, wh Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
nvdosv
CVE-2025-32463P1HIGHCVSS 7.8KEVPoC≥ 1.9.14, < 1.9.17v1.9.17+1 more2025-06-30
CVE-2025-32463 [HIGH] CWE-829 CVE-2025-32463: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
nvdosv
CVE-2023-22809P1HIGHCVSS 7.8ExploitedPoC≥ 1.8.0, < 1.9.12v1.9.122023-01-18
CVE-2023-22809 [HIGH] CWE-269 CVE-2023-22809: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem e
nvdosv
CVE-2017-1000367P2MEDIUMCVSS 6.4ExploitedPoC≤ 1.8.202017-06-05
CVE-2017-1000367 [MEDIUM] CWE-362 CVE-2017-1000367: Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
nvdosv
CVE-2019-14287P2HIGHCVSS 8.8PoCfixed in 1.8.282019-10-17
CVE-2019-14287 [HIGH] CWE-755 CVE-2019-14287: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain poli In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
nvdosv
CVE-2019-18634P2HIGHCVSS 7.8PoC≥ 1.7.1, < 1.8.262020-01-29
CVE-2019-18634 [HIGH] CWE-787 CVE-2019-18634: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buf In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs
nvdosv
CVE-2025-32462P2HIGHCVSS 8.8PoCfixed in 1.9.17v1.9.17+1 more2025-06-30
CVE-2025-32462 [HIGH] CWE-863 CVE-2025-32462: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the curren Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
nvdosv
CVE-2012-0809P3HIGHCVSS 7.2PoC≥ 0, < 1.8.3p2-12012-02-01
CVE-2012-0809 [HIGH] CVE-2012-0809: Format string vulnerability in the sudo_debug function in Sudo 1 Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
osv
CVE-2015-5602P3HIGHCVSS 7.2PoC≤ 1.8.142015-11-17
CVE-2015-5602 [HIGH] CWE-264 CVE-2015-5602: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
nvdosv
CVE-2002-0184P4HIGHCVSS 7.8PoCfixed in 1.6.62002-05-16
CVE-2002-0184 [HIGH] CWE-131 CVE-2002-0184: Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
nvd
CVE-2013-1775P4MEDIUMCVSS 6.9PoC≥ 0, < 1.8.5p2-1+nmu12013-03-05
CVE-2013-1775 [MEDIUM] CVE-2013-1775: sudo 1 sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
osv
CVE-2023-7090P3HIGHCVSS 8.8fixed in 1.8.282023-12-23
CVE-2023-7090 [HIGH] CWE-269 CVE-2023-7090: A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.con A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
nvdosv
CVE-2019-19234P3HIGHCVSS 7.5≥ 0, < 1.8.31-12019-12-19
CVE-2019-19234 [HIGH] CVE-2019-19234: In Sudo through 1 In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user ma
osv
CVE-2019-19232P3HIGHCVSS 7.5≥ 0, < 1.8.31-12019-12-19
CVE-2019-19232 [HIGH] CVE-2019-19232: In Sudo through 1 In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an
osv
CVE-2021-23240P3HIGHCVSS 7.8fixed in 1.8.32≥ 1.9.0, < 1.9.52021-01-12
CVE-2021-23240 [HIGH] CWE-59 CVE-2021-23240: selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain f selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
nvdosv
CVE-2026-35535P3HIGHCVSS 7.8fixed in 1.9.17v1.9.17+3 more2026-04-03
CVE-2026-35535 [HIGH] CWE-271 CVE-2026-35535: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
nvdosv
CVE-2016-7076P3HIGHCVSS 7.8≥ 1.6.8, ≤ 1.8.182018-05-29
CVE-2016-7076 [HIGH] CWE-184 CVE-2016-7076: sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
nvdosv
CVE-2023-27320P3HIGHCVSS 7.2≥ 1.9.8, < 1.9.13v1.9.132023-02-28
CVE-2023-27320 [HIGH] CWE-415 CVE-2023-27320: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
nvdosv
CVE-2005-4158P4MEDIUMCVSS 4.6PoC≥ 0, < 1.6.8p12-12005-12-11
CVE-2005-4158 [MEDIUM] CVE-2005-4158: Sudo before 1 Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
osv
CVE-2005-4890P3HIGHCVSS 7.8≥ 1.3.0, ≤ 1.7.42019-11-04
CVE-2005-4890 [HIGH] CWE-20 CVE-2005-4890: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - use There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
nvdosv
Sudo Project Sudo vulnerabilities | cvebase