CVE-2021-3156
| CVE Published | 2021-01-26 |
|---|---|
| Related CWE(s) | CWE-193: Off-by-one Error |
| Related Vendor(s) | sudo_project, fedoraproject, oracle, synology, mcafee, netapp, beyondtrust, debian |
| Related Product(s) | active_iq_unified_manager, web_gateway, fedora, sudo, vs960hd_firmware, micros_workstation_6_firmware, privilege_management_for_unix\/linux, oncommand_unified_manager_core_package, micros_es400_firmware, micros_workstation_5a_firmware, diskstation_manager, micros_compact_workstation_3_firmware, hci_management_node, micros_kitchen_display_system_firmware, cloud_backup, skynas_firmware, ontap_select_deploy_administration_utility, debian_linux, solidfire, communications_performance_intelligence_center, ontap_tools, diskstation_manager_unified_controller, privilege_management_for_mac, tekelec_platform_distribution |
| Exploitation Reported (CISA KEV) | 2022-04-06 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph