CVE-2010-1646

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2010-1646
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2010-1646.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2010-1646
Downstream
Related
Withdrawn
2026-01-27T04:10:16.712770Z
Published
2010-06-07T17:12:48Z
Modified
2026-01-27T04:10:16.712770Z
Summary
[none]
Details

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

References

Affected packages