CVE-2019-18634
- Source
- https://cve.org/CVERecord?id=CVE-2019-18634
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18634.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-18634
- Downstream
- Related
- Published
- 2020-01-29T18:15:12.247Z
- Modified
- 2026-03-10T22:31:25.128974Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
- References
-
- https://usn.ubuntu.com/4263-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/
- https://usn.ubuntu.com/4263-1/
- https://seclists.org/bugtraq/2020/Feb/2
- https://support.apple.com/kb/HT210919
- https://www.debian.org/security/2020/dsa-4614
- https://www.sudo.ws/security.html
- https://access.redhat.com/errata/RHSA-2020:0487
- https://access.redhat.com/errata/RHSA-2020:0509
- https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html
- http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html
- https://access.redhat.com/errata/RHSA-2020:0540
- https://seclists.org/bugtraq/2020/Jan/44
- https://security.gentoo.org/glsa/202003-12
- https://security.netapp.com/advisory/ntap-20200210-0001/
- http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html
- http://seclists.org/fulldisclosure/2020/Jan/40
- http://www.openwall.com/lists/oss-security/2020/01/30/6
- https://access.redhat.com/errata/RHSA-2020:0726
- https://seclists.org/bugtraq/2020/Feb/3
- http://www.openwall.com/lists/oss-security/2020/01/31/1
- http://www.openwall.com/lists/oss-security/2020/02/05/2
- https://www.sudo.ws/alerts/pwfeedback.html
- http://www.openwall.com/lists/oss-security/2020/02/05/5
Affected packages
Git / github.com/millert/sudo
Affected versions
Other
SUDO_1_7_1
SUDO_1_7_2
SUDO_1_8_0
SUDO_1_8_1
SUDO_1_8_10
SUDO_1_8_10p1
SUDO_1_8_10p2
SUDO_1_8_10p3
SUDO_1_8_11
SUDO_1_8_11p1
SUDO_1_8_11p2
SUDO_1_8_12
SUDO_1_8_13
SUDO_1_8_14
SUDO_1_8_14p1
SUDO_1_8_14p3
SUDO_1_8_15
SUDO_1_8_16
SUDO_1_8_17
SUDO_1_8_17p1
SUDO_1_8_18
SUDO_1_8_18p1
SUDO_1_8_19
SUDO_1_8_19p1
SUDO_1_8_19p2
SUDO_1_8_2
SUDO_1_8_20
SUDO_1_8_20p1
SUDO_1_8_20p2
SUDO_1_8_21
SUDO_1_8_21p1
SUDO_1_8_21p2
SUDO_1_8_22
SUDO_1_8_23
SUDO_1_8_24
SUDO_1_8_25
SUDO_1_8_25p1
SUDO_1_8_3
SUDO_1_8_4
SUDO_1_8_4p1
SUDO_1_8_4p2
SUDO_1_8_4p3
SUDO_1_8_4p4
SUDO_1_8_4p5
SUDO_1_8_5
SUDO_1_8_5p1
SUDO_1_8_5p2
SUDO_1_8_5p3
SUDO_1_8_6
SUDO_1_8_6p1
SUDO_1_8_6p2
SUDO_1_8_6p3
SUDO_1_8_6p4
SUDO_1_8_6p5
SUDO_1_8_6p6
SUDO_1_8_6p7
SUDO_1_8_6p8
SUDO_1_8_7
SUDO_1_8_8
SUDO_1_8_9
SUDO_1_8_9p1
SUDO_1_8_9p2
SUDO_1_8_9p3
SUDO_1_8_9p4
SUDO_1_8_9p5
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18634.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
}
]