CVE-2017-1000368

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000368
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000368.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000368
Downstream
Related
Published
2017-06-05T16:29:00.200Z
Modified
2026-03-15T22:13:05.411685Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the getprocessttyname() function resulting in information disclosure and command execution.

References

Affected packages

Git / github.com/millert/sudo

Affected ranges

Type
GIT
Repo
https://github.com/millert/sudo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
54a5f94e07d7f6c69750d181f06d74f49d0663d1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2d7fd01eab5a24847600e347300806df810dcdf3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.20-p1"
        }
    ]
}

Affected versions

Other
SUDO_1_3_0
SUDO_1_3_1
SUDO_1_4_0
SUDO_1_5_0
SUDO_1_5_1
SUDO_1_5_2
SUDO_1_5_3
SUDO_1_5_4
SUDO_1_5_6
SUDO_1_5_7
SUDO_1_5_8
SUDO_1_5_9
SUDO_1_6_0
SUDO_1_6_1
SUDO_1_6_2
SUDO_1_6_3
SUDO_1_6_4
SUDO_1_6_5
SUDO_1_6_6
SUDO_1_6_7
SUDO_1_6_8
SUDO_1_6_8p1
SUDO_1_7_0
SUDO_1_7_1
SUDO_1_7_2
SUDO_1_8_0
SUDO_1_8_1
SUDO_1_8_10
SUDO_1_8_10p1
SUDO_1_8_10p2
SUDO_1_8_10p3
SUDO_1_8_11
SUDO_1_8_11p1
SUDO_1_8_11p2
SUDO_1_8_12
SUDO_1_8_13
SUDO_1_8_14
SUDO_1_8_14p1
SUDO_1_8_14p3
SUDO_1_8_15
SUDO_1_8_16
SUDO_1_8_17
SUDO_1_8_17p1
SUDO_1_8_18
SUDO_1_8_18p1
SUDO_1_8_19
SUDO_1_8_19p1
SUDO_1_8_19p2
SUDO_1_8_2
SUDO_1_8_20
SUDO_1_8_3
SUDO_1_8_4
SUDO_1_8_4p1
SUDO_1_8_4p2
SUDO_1_8_4p3
SUDO_1_8_4p4
SUDO_1_8_4p5
SUDO_1_8_5
SUDO_1_8_5p1
SUDO_1_8_5p2
SUDO_1_8_5p3
SUDO_1_8_6
SUDO_1_8_6p1
SUDO_1_8_6p2
SUDO_1_8_6p3
SUDO_1_8_6p4
SUDO_1_8_6p5
SUDO_1_8_6p6
SUDO_1_8_6p7
SUDO_1_8_6p8
SUDO_1_8_7
SUDO_1_8_8
SUDO_1_8_9
SUDO_1_8_9p1
SUDO_1_8_9p2
SUDO_1_8_9p3
SUDO_1_8_9p4
SUDO_1_8_9p5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000368.json"