sudo project

Top products

The 15 most recently published vulnerabilities affecting sudo project.

• CVE-2026-35535In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.7.4Apr 3, 2026
• CVE-2025-32463Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.KEV9.3Jun 30, 2025
• CVE-2025-32462Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.2.8Jun 30, 2025
• CVE-2023-7090Sudo: improper handling of ipa_hostname leads to privilege mismanagement6.6Dec 23, 2023
• CVE-2023-42465Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equalin...7.0Dec 22, 2023
• CVE-2023-28487Sudo before 1.9.13 does not escape control characters in sudoreplay output.5.3Mar 16, 2023
• CVE-2023-28486Sudo before 1.9.13 does not escape control characters in log messages.5.3Mar 16, 2023
• CVE-2023-27320Sudo before 1.9.13p2 has a double free in the per-command chroot feature.7.2Feb 28, 2023
• CVE-2023-22809In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to a...7.8Jan 18, 2023
• CVE-2022-43995Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be trigge...7.1Nov 2, 2022
• CVE-2021-3156Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends w...KEV7.8Jan 26, 2021
• CVE-2021-23240selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrar...7.8Jan 12, 2021
• CVE-2021-23239The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controll...2.5Jan 12, 2021
• CVE-2019-18634In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and e...7.8Jan 29, 2020
• CVE-2005-4890There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl t...7.8Nov 4, 2019