Skip to main content

Incorrect Calculation of Buffer Size

CVE-2002-0184

Severity High
Score 7.8/10

Summary

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References

Advisory Timeline

  • Published