Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 50 results


CVE-2023-7090

Medium priority
Not affected

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts...

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-42465

Medium priority
Not affected

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because...

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-42456

Medium priority

Not in release

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only...

1 affected packages

rust-sudo-rs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-sudo-rs Not in release Not in release Not in release Not in release
Show less packages

CVE-2023-28487

Medium priority

Some fixes available 9 of 10

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-28486

Medium priority

Some fixes available 9 of 10

Sudo before 1.9.13 does not escape control characters in log messages.

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-27320

Medium priority
Fixed

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Not affected Not affected Not affected
Show less packages

CVE-2023-22809

Medium priority
Fixed

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the...

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-43995

Medium priority
Not affected

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with...

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-33070

Medium priority

Some fixes available 8 of 73

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

9 affected packages

argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
argyll Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ccextractor Needs evaluation Needs evaluation Needs evaluation
libgadu Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpg-query Needs evaluation Needs evaluation
libsignal-protocol-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ocserv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pidgin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
protobuf-c Fixed Fixed Fixed Needs evaluation Needs evaluation
sudo Not affected Fixed Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2021-3156

High priority
Fixed

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

1 affected packages

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed Fixed
Show less packages