CVE-2021-3156

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3156.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3156
Downstream
Related
Published
2021-01-26T21:15:12.987Z
Modified
2025-12-06T00:05:35.517903Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

References

Affected packages

Git / github.com/millert/sudo

Affected ranges

Type
GIT
Repo
https://github.com/millert/sudo
Events
Introduced
82d8358a72b1e8784b5399c1ecb5d271ae91e125
Fixed
caa666c2dfa1f4286ccfbed5e512432665b72d3a

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3156.json"

Git / github.com/sudo-project/sudo

Affected ranges

Type
GIT
Repo
https://github.com/sudo-project/sudo
Events
Introduced
83d1bee918147a57804de77d3e1064a4e323f47e
Fixed
10d072a320c885e2e805ef2e47fe7a2ebde68abc

Affected versions

Other

SUDO_1_9_0
SUDO_1_9_1
SUDO_1_9_2
SUDO_1_9_3
SUDO_1_9_3p1
SUDO_1_9_4
SUDO_1_9_4p1
SUDO_1_9_4p2

v1.*

v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.3p1
v1.9.4
v1.9.4p1
v1.9.4p2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3156.json"