CVE-2021-3156
| CVE Published | 2021-01-26 |
|---|---|
| Related CWE(s) | CWE-193: Off-by-one Error |
| Related Vendor(s) | netapp, fedoraproject, sudo_project, mcafee, synology, oracle, beyondtrust, debian |
| Related Product(s) | oncommand_unified_manager_core_package, solidfire, debian_linux, micros_workstation_5a_firmware, sudo, privilege_management_for_mac, tekelec_platform_distribution, micros_compact_workstation_3_firmware, vs960hd_firmware, active_iq_unified_manager, skynas_firmware, ontap_tools, diskstation_manager_unified_controller, micros_workstation_6_firmware, communications_performance_intelligence_center, hci_management_node, privilege_management_for_unix\/linux, fedora, micros_kitchen_display_system_firmware, web_gateway, ontap_select_deploy_administration_utility, micros_es400_firmware, diskstation_manager, cloud_backup |
| Exploitation Reported (CISA KEV) | 2022-04-06 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph