CVE-2019-15901
- Source
- https://cve.org/CVERecord?id=CVE-2019-15901
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15901.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-15901
- Published
- 2019-10-18T16:15:10.320Z
- Modified
- 2026-04-11T12:42:13.971614Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids.
- References
Affected packages
Git / github.com/slicer69/doas
Affected versions
6.*
6.0-1
6.0p0
6.0p1
6.0p2
6.0p3
6.0p4
6.1
6.1p1
v5.*
v5.9
v5.9-1
v5.9-2
v5.9-3
v5.9-4
v5.9-5
v5.9-6
v5.9-7
v6.*
v6.0-0
v6.0p0
Database specific
vanir_signatures_modified
"2026-04-11T12:42:13Z"
vanir_signatures
[
{
"source": "https://github.com/slicer69/doas/commit/6cf0236184ff6304bf5e267ccf7ef02874069697",
"target": {
"file": "doas.c"
},
"id": "CVE-2019-15901-37cc6403",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"257018084219185830283189870846042186451",
"263298338661025237681855152090152291472",
"244465731727258627921882727482949357179",
"240392789334711037839660733709662652480",
"318302556276251466072957026995482253703",
"334770976537425838896833539275400219885",
"144114532411389305376620096985217832909",
"73301086098618445718506707714661862641",
"238491780293075423002916085271141572710",
"283407144815843603917628835820737147263",
"294481694951028940687679809539951880275",
"254365220151682927526214587906755972702",
"141506775240760496158604477182184919853"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95",
"target": {
"file": "execvpe.c"
},
"id": "CVE-2019-15901-68bce56d",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"77395771208282268693997227990409505562",
"211361197346725683365328174351071453735",
"112781367654528564918063634607454395652",
"95301899913539240870913893487146184124"
],
"threshold": 0.9
}
},
{
"source": "https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95",
"target": {
"function": "execvpe",
"file": "execvpe.c"
},
"id": "CVE-2019-15901-b22417ee",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "260128427067475575999234089115858697183",
"length": 1884.0
}
},
{
"source": "https://github.com/slicer69/doas/commit/6cf0236184ff6304bf5e267ccf7ef02874069697",
"target": {
"function": "main",
"file": "doas.c"
},
"id": "CVE-2019-15901-cede907b",
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "229816150909773915025832948416141121373",
"length": 5351.0
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15901.json"