CVE-2022-43995

NameCVE-2022-43995
DescriptionSudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sudo (PTS)buster1.8.27-1+deb10u3vulnerable
buster (security)1.8.27-1+deb10u4vulnerable
bullseye1.9.5p2-3vulnerable
bookworm, sid1.9.11p3-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sudosource(unstable)(unfixed)unimportant

Notes

Fixed by: https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
Binary packages compiled with PAM support not enabling the plugins/sudoers/auth/passwd.c code

Search for package or bug name: Reporting problems