rpm package
opensuse/sudo&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweed
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35535 | Hig | 7.4 | < 1.9.17p2-2.1 | 1.9.17p2-2.1 | Apr 3, 2026 | In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. | |
| CVE-2025-32463 | — | KEV | < 1.9.17p1-1.1 | 1.9.17p1-1.1 | Jun 30, 2025 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | |
| CVE-2025-32462 | — | < 1.9.17p1-1.1 | 1.9.17p1-1.1 | Jun 30, 2025 | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. | ||
| CVE-2023-42465 | — | < 1.9.15p2-1.1 | 1.9.15p2-1.1 | Dec 22, 2023 | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | ||
| CVE-2023-42456 | Low | 3.3 | < 1.9.15p2-1.1 | 1.9.15p2-1.1 | Sep 21, 2023 | Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the u | |
| CVE-2023-27320 | — | < 1.9.13p3-2.1 | 1.9.13p3-2.1 | Feb 28, 2023 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | ||
| CVE-2023-22809 | — | < 1.9.12p2-1.1 | 1.9.12p2-1.1 | Jan 18, 2023 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege | ||
| CVE-2022-43995 | — | < 1.9.12-3.1 | 1.9.12-3.1 | Nov 2, 2022 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven ch | ||
| CVE-2021-3156 | — | KEV | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Jan 26, 2021 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | |
| CVE-2021-23240 | — | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Jan 12, 2021 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines witho | ||
| CVE-2021-23239 | — | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Jan 12, 2021 | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | ||
| CVE-2019-18634 | — | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Jan 29, 2020 | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, | ||
| CVE-2019-14287 | — | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Oct 17, 2019 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= l | ||
| CVE-2016-7076 | Med | 6.4 | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | May 29, 2018 | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly us | |
| CVE-2017-1000368 | Hig | 8.2 | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Jun 5, 2017 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | |
| CVE-2017-1000367 | Med | 6.4 | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Jun 5, 2017 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | |
| CVE-2014-9680 | Low | 3.3 | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Apr 24, 2017 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with t | |
| CVE-2016-7032 | Hig | 7.0 | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Apr 14, 2017 | sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | |
| CVE-2013-1776 | — | < 1.8.18p1-1.1 | 1.8.18p1-1.1 | Apr 8, 2013 | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting | ||
| CVE-2013-1775 | — | < 1.8.18p1-1.1 | 1.8.18p1-1.1 | Mar 5, 2013 | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. |
- affected < 1.9.17p2-2.1fixed 1.9.17p2-2.1
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
- affected < 1.9.17p1-1.1fixed 1.9.17p1-1.1
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
- CVE-2025-32462Jun 30, 2025affected < 1.9.17p1-1.1fixed 1.9.17p1-1.1
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
- CVE-2023-42465Dec 22, 2023affected < 1.9.15p2-1.1fixed 1.9.15p2-1.1
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
- affected < 1.9.15p2-1.1fixed 1.9.15p2-1.1
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the u
- CVE-2023-27320Feb 28, 2023affected < 1.9.13p3-2.1fixed 1.9.13p3-2.1
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
- CVE-2023-22809Jan 18, 2023affected < 1.9.12p2-1.1fixed 1.9.12p2-1.1
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege
- CVE-2022-43995Nov 2, 2022affected < 1.9.12-3.1fixed 1.9.12-3.1
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven ch
- affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
- CVE-2021-23240Jan 12, 2021affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines witho
- CVE-2021-23239Jan 12, 2021affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
- CVE-2019-18634Jan 29, 2020affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages,
- CVE-2019-14287Oct 17, 2019affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= l
- affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly us
- affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
- affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
- affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with t
- affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
- CVE-2013-1776Apr 8, 2013affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting
- CVE-2013-1775Mar 5, 2013affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
Page 1 of 2