CVE-2021-3156

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3156

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3156.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-3156

Downstream

ALPINE-CVE-2021-3156

DEBIAN-CVE-2021-3156

DLA-2534-1

DSA-4839-1

OESA-2021-1002

RHSA-2021:0218

RHSA-2021:0219

RHSA-2021:0220

RHSA-2021:0221

RHSA-2021:0222

RHSA-2021:0223

RHSA-2021:0224

RHSA-2021:0225

RHSA-2021:0226

RHSA-2021:0227

RHSA-2021:0395

RHSA-2021:0401

SUSE-SU-2021:0225-1

SUSE-SU-2021:0226-1

SUSE-SU-2021:0227-1

SUSE-SU-2021:0232-1

SUSE-SU-2021:0928-1

SUSE-SU-2021:1267-1

SUSE-SU-2021:1273-1

SUSE-SU-2021:1274-1

SUSE-SU-2021:1275-1

SUSE-SU-2024:4389-1

UBUNTU-CVE-2021-3156

USN-4705-1

USN-4705-2

openSUSE-SU-2021:0169-1

openSUSE-SU-2021:0170-1

openSUSE-SU-2021:0602-1

openSUSE-SU-2024:11413-1

Related

Published

2021-01-26T21:15:12Z

Modified

2025-10-10T02:04:15.804394Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

References

Affected packages

Git / github.com/millert/sudo

Affected ranges

Type: GIT
Repo: https://github.com/millert/sudo
Events: Introduced

82d8358a72b1e8784b5399c1ecb5d271ae91e125

Fixed

caa666c2dfa1f4286ccfbed5e512432665b72d3a

Type: GIT
Repo: https://github.com/sudo-project/sudo
Events: Introduced

83d1bee918147a57804de77d3e1064a4e323f47e

Fixed

10d072a320c885e2e805ef2e47fe7a2ebde68abc

Affected versions

Other

SUDO_1_9_0

SUDO_1_9_1

SUDO_1_9_2

SUDO_1_9_3

SUDO_1_9_3p1

SUDO_1_9_4

SUDO_1_9_4p1

SUDO_1_9_4p2

v1.*

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v1.9.3p1

v1.9.4

v1.9.4p1

v1.9.4p2