CVE-2019-18634
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-18634
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18634.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-18634
- Related
- Published
- 2020-01-29T18:15:12Z
- Modified
- 2024-09-18T03:04:03.006278Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
- References
-
- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html
- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html
- https://access.redhat.com/errata/RHSA-2020:0487
- https://access.redhat.com/errata/RHSA-2020:0509
- https://access.redhat.com/errata/RHSA-2020:0540
- https://access.redhat.com/errata/RHSA-2020:0726
- https://security.gentoo.org/glsa/202003-12
- https://security.netapp.com/advisory/ntap-20200210-0001/
- https://www.debian.org/security/2020/dsa-4614
- https://www.sudo.ws/alerts/pwfeedback.html
- https://www.sudo.ws/security.html
- http://seclists.org/fulldisclosure/2020/Jan/40
- http://www.openwall.com/lists/oss-security/2020/01/30/6
- http://www.openwall.com/lists/oss-security/2020/01/31/1
- https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html
- https://seclists.org/bugtraq/2020/Feb/2
- https://seclists.org/bugtraq/2020/Feb/3
- https://seclists.org/bugtraq/2020/Jan/44
- http://www.openwall.com/lists/oss-security/2020/02/05/5
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html
- http://www.openwall.com/lists/oss-security/2020/02/05/2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/
- https://support.apple.com/kb/HT210919
- https://usn.ubuntu.com/4263-1/
- https://usn.ubuntu.com/4263-2/
- https://security.alpinelinux.org/vuln/CVE-2019-18634
- https://security-tracker.debian.org/tracker/CVE-2019-18634
Affected packages
Alpine:v3.10 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.27-r2
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
1.8.27-r0
1.8.27-r1
Alpine:v3.11 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.29-r2
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
1.8.27-r0
1.8.28-r0
1.8.28p1-r0
1.8.29-r0
1.8.29-r1
Alpine:v3.12 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.31-r0
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
1.8.27-r0
1.8.28-r0
1.8.28p1-r0
1.8.29-r0
1.8.30-r0
Alpine:v3.13 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.31-r0
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
1.8.27-r0
1.8.28-r0
1.8.28p1-r0
1.8.29-r0
1.8.30-r0
Alpine:v3.14 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.31-r0
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
1.8.27-r0
1.8.28-r0
1.8.28p1-r0
1.8.29-r0
1.8.30-r0
Alpine:v3.15 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.31-r0
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
1.8.27-r0
1.8.28-r0
1.8.28p1-r0
1.8.29-r0
1.8.30-r0
Alpine:v3.8 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.23-r4
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.23-r3
Alpine:v3.9 / sudo
Package
- Name
- sudo
- Purl
- pkg:apk/alpine/sudo?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.25_p1-r3
Affected versions
1.*
1.6.9_p17-r1
1.7.0-r0
1.7.1-r0
1.7.2-r0
1.7.2_p1-r0
1.7.2_p2-r0
1.7.2_p4-r0
1.7.2_p5-r0
1.7.2_p6-r0
1.7.2_p6-r1
1.7.2_p7-r0
1.7.3-r0
1.7.4_p2-r0
1.7.4_p3-r0
1.7.4_p4-r0
1.7.4_p5-r0
1.7.4p6-r0
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1p1-r0
1.8.2-r0
1.8.3-r0
1.8.3_p1-r0
1.8.3_p2-r0
1.8.3_p2-r1
1.8.4-r0
1.8.4_p1-r0
1.8.4_p2-r0
1.8.4_p4-r0
1.8.5_p1-r0
1.8.5_p2-r0
1.8.5_p3-r0
1.8.6-r0
1.8.6_p1-r0
1.8.6_p3-r0
1.8.6_p4-r0
1.8.6_p5-r0
1.8.6_p6-r0
1.8.6_p7-r0
1.8.6_p8-r0
1.8.7-r0
1.8.8-r0
1.8.9_p4-r0
1.8.9_p5-r0
1.8.10-r0
1.8.10_p1-r0
1.8.10_p2-r0
1.8.10_p3-r0
1.8.11_p2-r0
1.8.12-r0
1.8.13-r0
1.8.14_p3-r0
1.8.14_p3-r1
1.8.15-r0
1.8.15-r1
1.8.16-r0
1.8.17-r0
1.8.17_p1-r0
1.8.18-r0
1.8.18_p1-r0
1.8.19_p1-r0
1.8.19_p2-r0
1.8.20_p1-r0
1.8.20_p2-r0
1.8.21_p2-r0
1.8.21_p2-r1
1.8.21_p2-r2
1.8.22-r2
1.8.23-r2
1.8.25_p1-r2
Debian:11 / sudo
Package
- Name
- sudo
- Purl
- pkg:deb/debian/sudo?arch=source
Debian:12 / sudo
Package
- Name
- sudo
- Purl
- pkg:deb/debian/sudo?arch=source
Debian:13 / sudo
Package
- Name
- sudo
- Purl
- pkg:deb/debian/sudo?arch=source
Git / github.com/millert/sudo
Affected versions
Other
SUDO_1_7_1
SUDO_1_7_2
SUDO_1_8_0
SUDO_1_8_1
SUDO_1_8_10
SUDO_1_8_10p1
SUDO_1_8_10p2
SUDO_1_8_10p3
SUDO_1_8_11
SUDO_1_8_11p1
SUDO_1_8_11p2
SUDO_1_8_12
SUDO_1_8_13
SUDO_1_8_14
SUDO_1_8_14p1
SUDO_1_8_14p3
SUDO_1_8_15
SUDO_1_8_16
SUDO_1_8_17
SUDO_1_8_17p1
SUDO_1_8_18
SUDO_1_8_18p1
SUDO_1_8_19
SUDO_1_8_19p1
SUDO_1_8_19p2
SUDO_1_8_2
SUDO_1_8_20
SUDO_1_8_20p1
SUDO_1_8_20p2
SUDO_1_8_21
SUDO_1_8_21p1
SUDO_1_8_21p2
SUDO_1_8_22
SUDO_1_8_23
SUDO_1_8_24
SUDO_1_8_25
SUDO_1_8_25p1
SUDO_1_8_3
SUDO_1_8_4
SUDO_1_8_4p1
SUDO_1_8_4p2
SUDO_1_8_4p3
SUDO_1_8_4p4
SUDO_1_8_4p5
SUDO_1_8_5
SUDO_1_8_5p1
SUDO_1_8_5p2
SUDO_1_8_5p3
SUDO_1_8_6
SUDO_1_8_6p1
SUDO_1_8_6p2
SUDO_1_8_6p3
SUDO_1_8_6p4
SUDO_1_8_6p5
SUDO_1_8_6p6
SUDO_1_8_6p7
SUDO_1_8_6p8
SUDO_1_8_7
SUDO_1_8_8
SUDO_1_8_9
SUDO_1_8_9p1
SUDO_1_8_9p2
SUDO_1_8_9p3
SUDO_1_8_9p4
SUDO_1_8_9p5