CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
sudo_projectsudo
1.8.0 ≤
𝑥
< 1.9.12
sudo_projectsudo
1.9.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bullseye (security)
unimportant
bullseye
unimportant
bookworm
1.9.13p3-1+deb12u1
fixed
sid
1.9.16-2
fixed
trixie
1.9.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
kinetic
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2139911
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
https://news.ycombinator.com/item?id=33465707
https://security.gentoo.org/glsa/202211-08
https://www.sudo.ws/security/advisories/
https://bugzilla.redhat.com/show_bug.cgi?id=2139911
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
https://news.ycombinator.com/item?id=33465707
https://security.gentoo.org/glsa/202211-08
https://www.sudo.ws/security/advisories/