CVE-2021-3156 (CVSS base score 7.8)
- EPSS 92.26%
- Published 26.01.2021 21:15:12
- Last modified 03.04.2025 19:47:48
- Source cve@mitre.org
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Data is provided by the National Vulnerability Database (NVD)
- Sudo Project ≫ Sudo, Version >= 1.8.2 < 1.8.32
- Sudo Project ≫ Sudo, Version >= 1.9.0 < 1.9.5
- Sudo Project ≫ Sudo, Version 1.9.5, Update -
- Sudo Project ≫ Sudo, Version 1.9.5, Update patch1
- Fedoraproject ≫ Fedora, Version 32
- Fedoraproject ≫ Fedora, Version 33
- Debian ≫ Debian Linux, Version 9.0
- Debian ≫ Debian Linux, Version 10.0
- Netapp ≫ Active Iq Unified Manager, Version -, SW platform vmware_vsphere
- Netapp ≫ Cloud Backup, Version -
- Netapp ≫ Hci Management Node, Version -
- Netapp ≫ Oncommand Unified Manager Core Package, Version -
- Netapp ≫ Ontap Select Deploy Administration Utility, Version -
- Netapp ≫ Ontap Tools, Version 9, SW platform vmware_vsphere
- Mcafee ≫ Web Gateway, Version 8.2.17
- Mcafee ≫ Web Gateway, Version 9.2.8
- Mcafee ≫ Web Gateway, Version 10.0.4
- Synology ≫ Diskstation Manager Unified Controller, Version 3.0
- Synology ≫ Diskstation Manager, Version 6.2
- Synology ≫ Skynas Firmware, Version -
- Synology ≫ Vs960hd Firmware, Version -
- Beyondtrust ≫ Privilege Management For Mac, Version < 21.1.1
- Oracle ≫ Micros Compact Workstation 3 Firmware, Version 310
- Oracle ≫ Micros Es400 Firmware, Version >= 400 <= 410
- Oracle ≫ Micros Kitchen Display System Firmware, Version 210
- Oracle ≫ Micros Workstation 5a Firmware, Version 5a
- Oracle ≫ Micros Workstation 6 Firmware, Version >= 610 <= 655
- Oracle ≫ Communications Performance Intelligence Center, Version >= 10.3.0.0.0 <= 10.3.0.2.1
- Oracle ≫ Communications Performance Intelligence Center, Version >= 10.4.0.1.0 <= 10.4.0.3.1
- Oracle ≫ Tekelec Platform Distribution, Version >= 7.4.0 <= 7.7.1
06.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Sudo Heap-Based Buffer Overflow Vulnerability
- Description: Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
- Required action: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 92.26% | 0.997 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-193: Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.