Out-of-bounds Read
CVE-2022-43995
Summary
Sudo versions 1.8.0 through 1.9.12, when using the "crypt()" password backend, contain an array-out-of-bounds error in "plugins/sudoers/auth/passwd.c" that can result in a heap-based buffer over-read. Any local user with access to Sudo can trigger it by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-125 - Out-of-Bounds Read
An out-of-bounds read is a vulnerability that allows access to memory beyond the location the code is authorized to access. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.
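An added illustration, not Sudo's source and not part of this advisory: it shows how truncating a password to the eight characters that traditional DES crypt() uses can index past a heap buffer sized for a password of seven characters or fewer, next to a bounded copy that cannot. The function names, and the assumption that the out-of-bounds access comes from such a truncation step, are hypothetical; the advisory names only the file and the password-length condition.

```c
#include <stdlib.h>
#include <string.h>

/* Traditional DES crypt() uses only the first 8 password characters. */
#define DES_PASS_MAX 8

/* Unsafe pattern (hypothetical name): truncates in place and assumes the
 * buffer holds at least 9 bytes. With a heap buffer sized to a password of
 * seven characters or fewer, pass[8] is outside the allocation. */
char *truncate_in_place_unsafe(char *pass)
{
    pass[DES_PASS_MAX] = '\0';
    return pass;
}

/* Bounded alternative (hypothetical name): copies at most 8 bytes into a
 * fixed 9-byte scratch buffer and stops at the source terminator, so it
 * never touches memory beyond the caller's string. Returns bytes copied. */
size_t truncate_bounded(const char *pass, char out[DES_PASS_MAX + 1])
{
    size_t n = 0;
    while (n < DES_PASS_MAX && pass[n] != '\0') {
        out[n] = pass[n];
        n++;
    }
    out[n] = '\0';
    return n;
}

/* Runs the bounded copy over a heap buffer sized exactly to the input
 * (constructed sample), returning 1 when the result matches `expected`. */
int check_truncation(const char *input, const char *expected)
{
    char out[DES_PASS_MAX + 1];
    size_t len = strlen(input) + 1;
    char *pass = malloc(len);
    if (pass == NULL)
        return 0;
    memcpy(pass, input, len);
    int ok = truncate_bounded(pass, out) == strlen(expected)
        && strcmp(out, expected) == 0;
    free(pass);
    return ok;
}

int main(void)
{
    return check_truncation("abc", "abc")
        && check_truncation("correcthorse", "correcth") ? 0 : 1;
}
```

Building a test harness around the bounded function with AddressSanitizer (`-fsanitize=address`) is a practical way to confirm that no access falls outside the allocation for short inputs.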
Advisory Timeline
- Published