HIGH✓ PATCH🇬🇧 English

CVE-2023-42465

CVSS 7.0v3.1pub. 2023-12-22upd. 2025-11-04

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sudo Project Sudo

    APP
    Sudo Project
    < 1.9.15
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth BypassLPE
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-3156HIGH7.8⚠ KEVten sam produkt

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows...

CVE-2026-35535HIGH7.4ten sam produkt

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege ...

CVE-2023-27320HIGH7.2ten sam produkt

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

CVE-2023-22809HIGH7.8ten sam produkt

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided ...