CVE-2012-0809

Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Severity: UNKNOWN
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: LOCAL
Attack Complexity: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Vulnerable software versions

Vendor       Product  Version
todd_miller  sudo     1.8.0
todd_miller  sudo     1.8.1
todd_miller  sudo     1.8.1p1
todd_miller  sudo     1.8.1p2
todd_miller  sudo     1.8.2
todd_miller  sudo     1.8.3
todd_miller  sudo     1.8.3p1
Debian Releases

Product  Codename             Version              Status
sudo     bullseye             1.9.5p2-3+deb11u1    fixed
sudo     bullseye (security)  1.9.5p2-3+deb11u1    fixed
sudo     squeeze              -                    not-affected
sudo     lenny                -                    not-affected
sudo     bookworm             1.9.13p3-1+deb12u1   fixed
sudo     sid                  1.9.16-2             fixed
sudo     trixie               1.9.16-2             fixed
Ubuntu Releases

Product  Codename  Version                  Status
sudo     precise   Fixed 1.8.3p1-1ubuntu3   released
sudo     oneiric   -                        not-affected
sudo     natty     -                        not-affected
sudo     maverick  -                        not-affected
sudo     lucid     -                        not-affected
sudo     hardy     -                        not-affected