CVE-2022-43995 - OpenCVE

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sudo Project	Sudo

Configuration 1 [-]

OR	cpe:2.3:a:sudo_project:sudo::::::::
	cpe:2.3:a:sudo_project:sudo:1.9.12:-::::::

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2139911	Issue Tracking Third Party Advisory
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050	Patch Third Party Advisory
https://news.ycombinator.com/item?id=33465707	Third Party Advisory
https://security.gentoo.org/glsa/202211-08	Third Party Advisory
https://www.sudo.ws/security/advisories/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-02T00:00:00

Updated: 2022-11-22T00:00:00

Reserved: 2022-10-28T00:00:00

Link: CVE-2022-43995

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-02T14:15:16.187

Modified: 2022-12-06T00:15:07.750

Link: CVE-2022-43995

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "E76D2160-BE9D-4C9E-B2AB-B52B3C84DAD7", "versionEndExcluding": "1.9.12", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.9.12:-:*:*:*:*:*:*", "matchCriteriaId": "30B5DA3F-091D-4627-A5C0-2D1487A378B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture."}, {"lang": "es", "value": "Sudo 1.8.0 a 1.9.12, con el backend de contrase\u00f1a crypt(), contiene un error de matriz fuera de l\u00edmites plugins/sudoers/auth/passwd.c que puede provocar una sobrelectura del b\u00fafer. Esto puede ser activado por usuarios locales arbitrarios con acceso a Sudo ingresando una contrase\u00f1a de siete caracteres o menos. El impacto podr\u00eda variar seg\u00fan las librer\u00edas del sistema, el compilador y la arquitectura del procesador."}], "id": "CVE-2022-43995", "lastModified": "2022-12-06T00:15:07.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-02T14:15:16.187", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139911"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://news.ycombinator.com/item?id=33465707"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202211-08"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.sudo.ws/security/advisories/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}