Vulnerabilities > CVE-2021-3156 - Off-by-one Error vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Vulnerable Configurations

Part Description Count
Application
Sudo_Project
93
Application
Netapp
7
Application
Mcafee
3
Application
Synology
2
Application
Beyondtrust
15
Application
Oracle
8
OS
Fedoraproject
2
OS
Debian
2
OS
Synology
2
OS
Oracle
7
Hardware
Synology
2
Hardware
Oracle
5

Common Weakness Enumeration (CWE)

References