CVE-2019-15900

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15900
Published
2019-10-18T16:15:10.257Z
Modified
2026-04-11T14:11:03.509562Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.

References

Affected packages

Git / github.com/slicer69/doas

Affected ranges

Type
GIT
Repo
https://github.com/slicer69/doas
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1c2858c681935a040cd2313e599b05a5dd40be95
Fixed
2f83222829448e5bc4c9391d607ec265a1e06531
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.2"
        }
    ]
}

Affected versions

6.*
6.0-1
6.0p0
6.0p1
6.0p2
6.0p3
6.0p4
6.1
6.1p1
v5.*
v5.9
v5.9-1
v5.9-2
v5.9-3
v5.9-4
v5.9-5
v5.9-6
v5.9-7
v6.*
v6.0-0
v6.0p0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15900.json"
vanir_signatures_modified 
"2026-04-11T14:11:03Z"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 370.0,
            "function_hash": "266296991134810920258128410524703637520"
        },
        "source": "https://github.com/slicer69/doas/commit/2f83222829448e5bc4c9391d607ec265a1e06531",
        "id": "CVE-2019-15900-3ae2e939",
        "signature_type": "Function",
        "target": {
            "function": "parsegid",
            "file": "doas.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250914823833810285293079482049952578704",
                "197294044844770712924012022004621264890",
                "108109185316000985971082201321404095927",
                "145314675076227705290369440686879783501",
                "16671832619480168456010660477214813248",
                "69338107946595217041686593973829267182",
                "54836897644525216480907834479467472268",
                "111237984087887477869239362980147307270",
                "94033025074033857471827013339216874682",
                "332476682146955054843645613893299984583",
                "89421335575987988360587538432624857334",
                "333062873912320297316320785928971070219"
            ]
        },
        "source": "https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95",
        "id": "CVE-2019-15900-3cf81281",
        "signature_type": "Line",
        "target": {
            "file": "doas.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "77395771208282268693997227990409505562",
                "211361197346725683365328174351071453735",
                "112781367654528564918063634607454395652",
                "95301899913539240870913893487146184124"
            ]
        },
        "source": "https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95",
        "id": "CVE-2019-15900-68bce56d",
        "signature_type": "Line",
        "target": {
            "file": "execvpe.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "161436026717749394231187615494824062368",
                "240990572477761158021740583364541491731",
                "9629622666929093245658212775283599446",
                "259423222634234242547647147230636170811",
                "38735327664398550148731219402092184649",
                "248298967798001791048825694738597410051",
                "206335043750931323256391529073543522128",
                "90327457158411487663584959385201418031",
                "205948000800797245708663078642176838629",
                "116853932474837646133580066077067177836",
                "77598910437713689299743859517413341517",
                "301956741432154126966077242761324880287",
                "262746729953958696488059471402592917600",
                "6005761227142916895009965049942594972",
                "154289742668512170089586279602942840782",
                "30212061962853294714546223078066022174",
                "302597760226101407388597236378922561592",
                "219517769209492200907224748183746709298",
                "221038129423982250277593961285383747514",
                "167933244709772291290733260137162877605",
                "214737444738495099761361442236329520413",
                "116853932474837646133580066077067177836",
                "77598910437713689299743859517413341517",
                "301956741432154126966077242761324880287"
            ]
        },
        "source": "https://github.com/slicer69/doas/commit/2f83222829448e5bc4c9391d607ec265a1e06531",
        "id": "CVE-2019-15900-a16f009a",
        "signature_type": "Line",
        "target": {
            "file": "doas.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1884.0,
            "function_hash": "260128427067475575999234089115858697183"
        },
        "source": "https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95",
        "id": "CVE-2019-15900-b22417ee",
        "signature_type": "Function",
        "target": {
            "function": "execvpe",
            "file": "execvpe.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 5831.0,
            "function_hash": "1093068236214784544660255800299605419"
        },
        "source": "https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95",
        "id": "CVE-2019-15900-d97bc421",
        "signature_type": "Function",
        "target": {
            "function": "main",
            "file": "doas.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 370.0,
            "function_hash": "8583189512477610533521138920454968142"
        },
        "source": "https://github.com/slicer69/doas/commit/2f83222829448e5bc4c9391d607ec265a1e06531",
        "id": "CVE-2019-15900-dedc7342",
        "signature_type": "Function",
        "target": {
            "function": "parseuid",
            "file": "doas.c"
        }
    }
]