CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
sudo_projectsudo
1.8.0 ≤
𝑥
< 1.9.12
sudo_projectsudo
1.9.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bookworm
1.9.13p3-1+deb12u1
fixed
bullseye
unimportant
bullseye (security)
unimportant
sid
1.9.16-2
fixed
trixie
1.9.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
sudo
suse enterprise desktop 15 SP4
1.9.9-150400.4.6.1
fixed
suse enterprise sap 15
1.8.27-150000.4.30.1
fixed
suse enterprise sap 15 SP1
1.8.27-150000.4.30.1
fixed
suse enterprise sap 15 SP2
1.8.27-150000.4.30.1
fixed
suse enterprise sap 15 SP4
1.9.9-150400.4.6.1
fixed
suse enterprise server 15
1.8.27-150000.4.30.1
fixed
suse enterprise server 15 SP1
1.8.27-150000.4.30.1
fixed
suse enterprise server 15 SP2
1.8.27-150000.4.30.1
fixed
suse enterprise server 15 SP4
1.9.9-150400.4.6.1
fixed
sudo-devel
suse enterprise desktop 15 SP4
1.9.9-150400.4.6.1
fixed
suse enterprise sap 15
1.8.27-150000.4.30.1
fixed
suse enterprise sap 15 SP1
1.8.27-150000.4.30.1
fixed
suse enterprise sap 15 SP2
1.8.27-150000.4.30.1
fixed
suse enterprise sap 15 SP4
1.9.9-150400.4.6.1
fixed
suse enterprise server 15
1.8.27-150000.4.30.1
fixed
suse enterprise server 15 SP1
1.8.27-150000.4.30.1
fixed
suse enterprise server 15 SP2
1.8.27-150000.4.30.1
fixed
suse enterprise server 15 SP4
1.9.9-150400.4.6.1
fixed
sudo-plugin-python
suse enterprise desktop 15 SP4
1.9.9-150400.4.6.1
fixed
suse enterprise sap 15 SP4
1.9.9-150400.4.6.1
fixed
suse enterprise server 15 SP4
1.9.9-150400.4.6.1
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2139911
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
https://news.ycombinator.com/item?id=33465707
https://security.gentoo.org/glsa/202211-08
https://www.sudo.ws/security/advisories/
https://bugzilla.redhat.com/show_bug.cgi?id=2139911
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
https://news.ycombinator.com/item?id=33465707
https://security.gentoo.org/glsa/202211-08
https://www.sudo.ws/security/advisories/