Fluid Attacks Database

Description

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.14	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.3-r0 \|\| =1.8.30-r0 \|\| =1.8.31-r0 \|\| =1.8.31p1-r0 \|\| =1.8.31p1-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| =1.9.0-r0 \|\| =1.9.1-r0 \|\| =1.9.12-r0 \|\| =1.9.3-r0 \|\| =1.9.3_p1-r0 \|\| =1.9.4-r0 \|\| =1.9.4p2-r0 \|\| =1.9.5-r0 \|\| =1.9.5p1-r0 \|\| =1.9.5p2-r0 \|\| =1.9.6-r0 \|\| =1.9.6_p1-r0 \|\| =1.9.6_p1-r1 \|\| =1.9.7_p1-r1 \|\| >=0 <1.9.12-r1	1.9.12-r1
alpine v3.15	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.3-r0 \|\| =1.8.30-r0 \|\| =1.8.31-r0 \|\| =1.8.31p1-r0 \|\| =1.8.31p1-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| =1.9.0-r0 \|\| =1.9.1-r0 \|\| =1.9.12-r0 \|\| =1.9.3-r0 \|\| =1.9.3_p1-r0 \|\| =1.9.4-r0 \|\| =1.9.4p2-r0 \|\| =1.9.5-r0 \|\| =1.9.5p1-r0 \|\| =1.9.5p2-r0 \|\| =1.9.6-r0 \|\| =1.9.6_p1-r0 \|\| =1.9.6_p1-r1 \|\| =1.9.7_p1-r1 \|\| =1.9.7_p2-r0 \|\| =1.9.8-r0 \|\| =1.9.8_p1-r0 \|\| =1.9.8_p2-r0 \|\| =1.9.8_p2-r1 \|\| >=0 <1.9.12-r1	1.9.12-r1
debian 11	sudo	=1.9.10-1 \|\| =1.9.10-2 \|\| =1.9.10-3 \|\| =1.9.11p3-1 \|\| =1.9.11p3-2 \|\| =1.9.12p1-1 \|\| =1.9.12p2-1 \|\| =1.9.13p1-1 \|\| =1.9.13p3-1 \|\| =1.9.13p3-2 \|\| =1.9.13p3-3 \|\| =1.9.14p2-1 \|\| =1.9.15p2-1 \|\| =1.9.15p2-2 \|\| =1.9.15p3-1 \|\| =1.9.15p4-1 \|\| =1.9.15p4-2 \|\| =1.9.15p5-1 \|\| =1.9.15p5-2 \|\| =1.9.15p5-3 \|\| =1.9.15p5-3+hurd.1 \|\| =1.9.16-1 \|\| =1.9.16-2 \|\| =1.9.16p1-1 \|\| =1.9.16p2-1 \|\| =1.9.16p2-2 \|\| =1.9.16p2-3 \|\| =1.9.17p1-1 \|\| =1.9.17p2-1 \|\| =1.9.17p2-1exp1 \|\| =1.9.17p2-2 \|\| =1.9.17p2-3 \|\| =1.9.17p2-4 \|\| =1.9.17p2-5 \|\| =1.9.5p2-3 \|\| =1.9.5p2-3+deb11u1 \|\| =1.9.5p2-3+deb11u2 \|\| =1.9.5p2-3+deb11u3 \|\| =1.9.5p2-3+exp1 \|\| =1.9.6-1~exp1 \|\| =1.9.6-1~exp2 \|\| =1.9.8p2-1 \|\| =1.9.8p2-1~exp1 \|\| =1.9.9-1	-
debian 12	sudo	>=0 <1.9.12p1-1	1.9.12p1-1
debian 13	sudo	>=0 <1.9.12p1-1	1.9.12p1-1
debian 14	sudo	>=0 <1.9.12p1-1	1.9.12p1-1

Aliases

1. CVE-2022-439952. NVD-2022-439953. OSV-ALPINE-2022-439954. OSV-2022-439955. OSV-DEBIAN-2022-439956. SECURITY-CVE-2022-439957. SECURITY-TRACKER-CVE-2022-43995

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.