7.2

CVE-2023-27320

Exploit
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sudo ProjectSudo Version >= 1.9.8 < 1.9.13
Sudo ProjectSudo Version1.9.13 Update-
Sudo ProjectSudo Version1.9.13 Updatep1
FedoraprojectFedora Version36
FedoraprojectFedora Version37
FedoraprojectFedora Version38
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.66% 0.737
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://www.openwall.com/lists/oss-security/2023/03/01/8
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/
https://security.gentoo.org/glsa/202309-12
Third Party Advisory
https://security.netapp.com/advisory/ntap-20230413-0009/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/02/28/1
Third Party Advisory
Exploit
Mailing List
https://www.sudo.ws/releases/stable/#1.9.13p2
Release Notes