CVE-2021-3156
| CVE Published | 2021-01-26 |
|---|---|
| Related CWE(s) | CWE-193: Off-by-one Error |
| Related Vendor(s) | mcafee, oracle, sudo_project, netapp, debian, beyondtrust, synology, fedoraproject |
| Related Product(s) | solidfire, hci_management_node, web_gateway, diskstation_manager_unified_controller, ontap_tools, cloud_backup, micros_kitchen_display_system_firmware, tekelec_platform_distribution, active_iq_unified_manager, communications_performance_intelligence_center, sudo, micros_workstation_6_firmware, ontap_select_deploy_administration_utility, micros_workstation_5a_firmware, diskstation_manager, oncommand_unified_manager_core_package, micros_es400_firmware, privilege_management_for_mac, privilege_management_for_unix\/linux, skynas_firmware, micros_compact_workstation_3_firmware, vs960hd_firmware, fedora, debian_linux |
| Exploitation Reported (CISA KEV) | 2022-04-06 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph