by CIRT Team
CVE-2021-3156: Heap-based buffer overflow in Sudo
DESCRIPTION: Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.

IMPACT: A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to...