CVE-2023-28486
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-28486
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28486.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-28486
- Downstream
- Related
- Published
- 2023-03-16T01:15:47Z
- Modified
- 2025-10-16T09:41:03.044832Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Sudo before 1.9.13 does not escape control characters in log messages.
- References
-
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
- https://security.gentoo.org/glsa/202309-12
- https://security.netapp.com/advisory/ntap-20230420-0002/
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html
Affected packages
Git / github.com/sudo-project/sudo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sudo-project/sudo
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
Other
SUDO_1_3_0
SUDO_1_3_1
SUDO_1_4_0
SUDO_1_5_0
SUDO_1_5_1
SUDO_1_5_2
SUDO_1_5_3
SUDO_1_5_4
SUDO_1_5_6
SUDO_1_5_7
SUDO_1_5_8
SUDO_1_5_9
SUDO_1_6_0
SUDO_1_6_1
SUDO_1_6_2
SUDO_1_6_3
SUDO_1_6_4
SUDO_1_6_5
SUDO_1_6_6
SUDO_1_6_7
SUDO_1_6_8
SUDO_1_6_8p1
SUDO_1_7_0
SUDO_1_7_1
SUDO_1_7_2
SUDO_1_8_0
SUDO_1_9_0
v1.*
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.8p1
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.9.0
Database specific
vanir_signatures
[
{
"id": "CVE-2023-28486-0c4fc12e",
"target": {
"function": "list_session",
"file": "plugins/sudoers/sudoreplay.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"function_hash": "229369774424280178805318278907224419721",
"length": 1493.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-28486-1d7ec19a",
"target": {
"file": "include/sudo_lbuf.h"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"threshold": 0.9,
"line_hashes": [
"12887639754874148520502753046394007252",
"62944566902382715355101543327417312361",
"27071161569768023308405698066271319330",
"13394220567081593476006334224345693906",
"243228231160196353840374475420665592802",
"20177373677433852621434283607555013823",
"46562408092224571220417877007408700566"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-28486-48cba031",
"target": {
"function": "match_expr",
"file": "plugins/sudoers/sudoreplay.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"function_hash": "117744953839383989958255480285609696630",
"length": 1741.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-28486-713dd463",
"target": {
"function": "main",
"file": "plugins/sudoers/sudoreplay.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"function_hash": "181724346309858919556891521782781830402",
"length": 4739.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-28486-8eb3a0ec",
"target": {
"file": "lib/iolog/iolog_json.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"threshold": 0.9,
"line_hashes": [
"88561141825058651877754804628917490179",
"205709282098242392360851281985359208129",
"96832792239926761070943447314306522049",
"213060654868847572919553181536664660452",
"333909093857044282199338814806343288364",
"51793881837699632130089531126876243642",
"71047399382100625907376913950328726610",
"60975520160070519814888757028725569422",
"203115298431591787931170677543179011007",
"22681303034829771283572016665555912729",
"293163614450374067872999449736702599597",
"80823416557191237484603998615292444996",
"13490957000082345753442710983503960902",
"53633565712905496252490796197958929752",
"212215517506587210663428752869797728423",
"288348947633237594497128474506595947182",
"178924492585297524454398594365241767049",
"17088555687564705200448805883597512008",
"249476610963586517282689589725645693900",
"85215095900172957524726695989155111731",
"322761479524946293309307201836543333958",
"281972985078892481759339275825886977671",
"51747668364433138846297594333562983683",
"123459459502482816273626693964449562222",
"194358480440165532189112222576132690163",
"288348947633237594497128474506595947182",
"16148983680417285272657957262014898690",
"327270549485404132139375131069777385192",
"167565276299181495804641757456076708189",
"136579601357399195377658017533684002309",
"335161552473685647234378037910594834288",
"312007036072393481629089441542003443918",
"110511688030471787061135011374098825470"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-28486-9d3d3444",
"target": {
"file": "lib/util/lbuf.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"threshold": 0.9,
"line_hashes": [
"20294921160201523554480765810867887145",
"73699963103081400850325532650832698679",
"61501406704020802837717534991881735104"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-28486-adcfedf7",
"target": {
"function": "iolog_parse_json_object",
"file": "lib/iolog/iolog_json.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"function_hash": "289260589018902025477806793421579244812",
"length": 2334.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-28486-c841d37e",
"target": {
"function": "new_logline",
"file": "lib/eventlog/eventlog.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"function_hash": "37123049824665006123331254183765143803",
"length": 6536.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-28486-c9c47705",
"target": {
"function": "find_sessions",
"file": "plugins/sudoers/sudoreplay.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"function_hash": "221424393065734271445815024745587574853",
"length": 2152.0
},
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2023-28486-d2ffbb56",
"target": {
"file": "plugins/sudoers/sudoreplay.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"threshold": 0.9,
"line_hashes": [
"79938060020032550669334080656305780240",
"104622220315921361408042702109097276637",
"163551480692929259963307445623762367121",
"60470986352705334787812809597078772831",
"205233607313178758780538877011108671082",
"302822651496930445499020761665014421669",
"331409663864336133191768975247560731270",
"306155813448311569706209685520731385720",
"325609853416732186869357447461731350842",
"227361307088977682724717347689877281233",
"169921018407105751837594308609829423936",
"55459226748201153693877193121956995239",
"242345830000190253040149832685637086735",
"163927875732252693599467900340657688430",
"285430722743882785732477352061419871770",
"317275689551294905195292139587576273233",
"319987802383151496908004466681611219052",
"248499098863944273606438750000441240488",
"30206825801222983501611401874234202900",
"100057143632707043411208230318939401011",
"184985575929687687356305671383586710721",
"217546073998253128409470366200234969075",
"272630918858788579305872844886152835212",
"65655941768865015638566776347436148082",
"110258015299414721107572706220174682915",
"221743744659451200398388230972507568201",
"273064369391405228075911802571294294277",
"272729383302472681980465664244539560408",
"226369709833654011711206794209016559511",
"150557451949978199703088038454219142989",
"167766646525065510121132609929252900369",
"206818684876607287556420172279655734625",
"130648503039177147469008435370966078291",
"331423256326660860944531273477917423221",
"9252130110509651116107762208088444153",
"54325242330328283311263790554602230743",
"91176435971745653091389538647633594226",
"40584989028629366120175000297821806232",
"78464632945365626626130285305479228737",
"121367910824853255631103645525463488088",
"132791601117407536681466446521723485590",
"174185228029422269582383897268397375268",
"72851396292071905296783532262151296361",
"79685283249498663060956452425550977966",
"169280456907925778310450029244459826901",
"331208191390733745698507694068388291466",
"18843189556522226778778859701176714912",
"318239804915552232334204479747798067803",
"76262873083715911003128427819213780861",
"240099543013059359133481911275833067339",
"9287202851940666149804456678655398489",
"321319063238615019356143658696940907040",
"325535339717564207112825057365647713832",
"214202059266939707568862648371458935913",
"118272724948898658421600468032815966550",
"81743000196074522344673909526808326561",
"145541086334160033779857184584769188687",
"61963290662897870071390438151309870015",
"256071822667253756915629845443285640666",
"105546259740745656875837291297604570120",
"146673393641018798618317828119352583573",
"339508306976086730307027743045510365276",
"21469540368364074688754254712945700663",
"61067150532507238347069811694707343003",
"23385135017299042150457619877187207178",
"333724714077886009068403676561890277350",
"258249569805793860360449699695505684226",
"25699464082482336087024733791881421512"
]
},
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2023-28486-df87ce9c",
"target": {
"file": "lib/eventlog/eventlog.c"
},
"signature_version": "v1",
"source": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca",
"digest": {
"threshold": 0.9,
"line_hashes": [
"30829567441753039279457075010492954997",
"172021069468974335229812762823337476245",
"329035798817904485017714781776452164411",
"122505940478587134283819311857456581809",
"24036062319037983999733182164933148122",
"101044055946130415736500685302278253920",
"285346383237997832207792581232890673501",
"170780677828826633624309697707272659036",
"264897052502409779011914456744118112611",
"37680873387100121364331059049582484325",
"229739713821178125661553588221898823783",
"240540883892228765996470986419175620436",
"85584427835132742112981341772474842945",
"133901044771315379836262058356084045655",
"214159242724348606587548824729869568928",
"113556430637237165998963527516859336245",
"156617949189599673437999773466218442804",
"43047590198142729458421722873024467121",
"9459426474483519688632493904202123370",
"224186434470857001306013097736039870608",
"254942329513642551583469570654714274150",
"78929108581487038110071353459103435902",
"319402537963755531282286401608888559323",
"131989409393210350405161703303214063243",
"305847330618998460700945958370959471014",
"92492736796608390948121179200664523681",
"188320566635992327735461509943419153702",
"95263505349127957940834689939562526028",
"166752416410685616950027367457370159275",
"337555429325860950748759202967477586117",
"277388989270421287195304231205945339375",
"311175447685264820865077258879897404038",
"177706900823535722688949711716111308378",
"48343993626544353351856952112315324523",
"59085258384168734411043703916660242059",
"40382788326977769812135258048998280390",
"136265654362617243786290836988588828771",
"175207820399120319665578221258603640459",
"332806016411120083976127076291411565255",
"35173738979115096670580758945338212810",
"303794248929240002042279650289702964303",
"284046743711014559778592062619145040173",
"90101086192999960992648199367512975966",
"125593390789236877395234934188209921214",
"273435572839131556485734798834589297318",
"91037989438645720326176956666475356598",
"140070656139325480459787478684093864524",
"254890473401760226179436322221973835497",
"274528534088188931232181839953028912952",
"249859362303484077571900794707482872001",
"44941650846224644125207125230276384421",
"54877591393198952344923063210963681312",
"124343687221614709020763000723379913460",
"177916020802187920070732085459671030511",
"88582008111439008977787411946426787868",
"237231048687982379659405150474096512991",
"13196549290380393750535523906398831042",
"188389717842974508440195583171345668084",
"302815256170191217187227783715713325292",
"319893902004439102367009146099180750122",
"277012779410107586922979646337608802014",
"182620028282464050863266985434056125839",
"106286249873879194590378351044324356798",
"180823641308839489520382851695083642761",
"319741192355990315197107940051819285827",
"209646334667419312552666372566747654674",
"194126305518558396552092799244629578505",
"265735662323193274955297665224890016941",
"260945286047961212095571950759757496611",
"72632307916411367845722057242663756357",
"95608571732217333104217909885921878648",
"19061622311528627876499898853946811024",
"74803312739527283686465934911368305084",
"115492191811612462318467908327173883656",
"292409212153795760796928239510263598548",
"244096941117297739634185850137524374401",
"9360735720621287007007306702902049815",
"76948199687682789365446644227419699003",
"92848073334322986627606898685156020270",
"121427524810380026092675709350155949630",
"179874262026414756533560456239836221222",
"215439581924107827587091762513306856436",
"56411015526412569540739060173247318272",
"142415772657130098312827715761594905681",
"71707391045837859736352094712133495798",
"259662016248845712530245768492847786271",
"96864765436247372828392861231789800482",
"154622945500175911532662991633858788378",
"66891853155633328305289805303630223021",
"112964790100188168288716534633816674905",
"142324442656647980462014319042241155030",
"213410423685154344069861992543376482517",
"278550674011030207916373755335398798232",
"109007855110839966824450532641739577804",
"151516566576455706349792098478584961360",
"245820389257229897599605796117351438840",
"133203680917106341488269515677696302635",
"249617113318669646440013788606160770563",
"165923656351055655748131968473566313833",
"230744745281654637090196049036600627610",
"42531362148378433430658996942977021974",
"75259373983585584543866615368577701551",
"198156145007465302486619762746445486430",
"161754478303173399331102312169980974987",
"93726953981616017873186453620698999098",
"324322132530677908745202902013437187245",
"192084730532214012513706070680299582338",
"55462191770485792262022213342826726029",
"174529830268960112436365988300037890265",
"328036488344806134467639945082214687153",
"7370760247107881511370473326153393418",
"325282815742907818131401448083022120409",
"58664179599188939843460576246205265565",
"220364303503514949640203321482788995431",
"130469774933221518942281964626577108620",
"81221890116586618295885727803425720015",
"228966442349655011310576183486179813686",
"43221600822275956686817322478834900517",
"139028481580357834924908310213874320605",
"146679191337036681563509625088677680213",
"339377293597413030042481333151002444780",
"106794402905271637900839192919445848537",
"146113817368483289248051975586802961346",
"65513835383927388539906200731829030688",
"212530876360349395158104773997376917047",
"163106111313240373567931291129053138950",
"287029547144251967238314977657474755832",
"330888901681076426466880103830124779333",
"292430427543451122116339603958277830228",
"75000511757599351384689618485600251241",
"203654273727256440277712436028840261481",
"230139203109376317149407410413883166514",
"118777588781020122457259913932944853792",
"233232951518760562696690519945173119825",
"201958358849449964179897964992907129754",
"130990324308280237319962473798456132346",
"105761729910849391016030807649195288105",
"148255864893519267390886415490999933950",
"325495963665416190567404595333251377510",
"314033995325508933640165199480046627237",
"209537086515389493350690293583262327698",
"336638940344232576748879325555018675295",
"290195650426669229972631794666852882697",
"316869846325139134482197498396040947241",
"98978685999047704260859901809658601436",
"66713046972866171141666793448592911937",
"70951605814537274226637448056123243999",
"73045283482278233723603724305529468197",
"720907170848882467705951804579368412",
"226330843417486150718958423314200243673",
"85144265477076689970926204960836968161",
"314206670183415726373366894898938001149",
"172619242598087600524357852643014180853",
"95735506433390110201943194434443674531",
"211508082821721872042131888954439020456",
"14820181320432517809550812990812098366",
"106575764043889430725523991693679123277",
"146798220457495541474831224980364084352",
"58343409377693221464216214816153043745",
"171414871098417147096774123239360254997",
"291092557268477884104388153207884660786",
"32241306396798427306414738535930101516",
"231643974046669062997503464257060974385",
"240371940621273824718247138934059357368",
"184806936220531504658098381513659197731",
"81919277886666188488480283812292067444",
"149377358225375140122497145260569518104",
"265435439802591273091925961586711629575",
"157726979914407471226180482242918013324",
"66556945124345588738961021758831303356",
"207042117223902267080839941051962273975",
"74099799669146619617408681253079733253",
"141337891528981270783627667510716406451",
"57841797452775091847200188806983454974",
"176201283758975074946037650289294166513",
"53897784563193873017375327121188859185",
"138842211895113693805081800291293443999",
"150571077837334685473369971380323531529",
"85572648938815739982053939953195607467",
"197776950827311891957078295925340475382",
"141106767238843248766991195816143251449",
"247907712445775656169159254046884615456",
"319632202802450905272038994701258323433",
"296266009731088054802293654036564218745",
"80843244448872150281947923974883503885",
"116331513714392116236572826868808020391",
"295962421347268420065842550415190149939",
"82040104080902747463805723425594009265",
"317880321661169542885238195610237209337"
]
},
"deprecated": false,
"signature_type": "Line"
}
]