7

CVE-2023-42465

Exploit
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sudo ProjectSudo Version < 1.9.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.54% 0.411
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://arxiv.org/abs/2309.02545
Third Party Advisory
Technical Description
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
Patch
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
https://security.gentoo.org/glsa/202401-29
https://security.netapp.com/advisory/ntap-20240208-0002/
https://www.openwall.com/lists/oss-security/2023/12/21/9
Exploit
Mailing List
https://www.sudo.ws/releases/changelog/
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
http://www.openwall.com/lists/oss-security/2025/09/23/2
http://www.openwall.com/lists/oss-security/2025/09/24/6