Critical severity9.8NVD Advisory· Published Oct 18, 2019· Updated Jun 17, 2026
CVE-2019-15900
CVE-2019-15900
Description
An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- slicer69/doasdescription
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.