Russian Vulnerability Scanner Database

Back to List

CVE-2021-3156

Scores

EPSS

0.923high92.3%
0%20%40%60%80%100%

Percentile: 92.3%

CVSS

7.8high3.x
0246810

CVSS Score: 7.8/10

All CVSS Scores

CVSS 3.x
7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Description

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

astradebiannvdredhatubuntu

CWEs

CWE-122CWE-193

Related Vulnerabilities

BDU:2021-00364

Exploits

Exploit ID: 49521

Source: exploitdb

URL: https://www.exploit-db.com/exploits/49521

Exploit ID: 49522

Source: exploitdb

URL: https://www.exploit-db.com/exploits/49522

Exploit ID: CVE-2021-3156

Source: github-poc

URL: https://github.com/Maalfer/Sudo-CVE-2021-3156

Vulnerable Software (45)

Type: Configuration

Product: redhat-virtualization-host

Operating System: rhel 7

Trait: 
{  "fixed": "4.3.13-20210127.0.el7_9"}

Source: redhat

Type: Configuration

Product: redhat-virtualization-host

Operating System: rhel 4.4

Trait: 
{  "fixed": "4.4.4-20210201.0.el8_3"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: astra 1.6.8

Trait: 
{  "unaffected": true}

Source: astra

Type: Configuration

Product: sudo

Operating System: ubuntu bionic 18.04

Trait: 
{  "fixed": "1.8.21p2-3ubuntu1.4"}

Source: ubuntu

Type: Configuration

Product: sudo

Operating System: ubuntu focal 20.04

Trait: 
{  "fixed": "1.8.31-1ubuntu1.2"}

Source: ubuntu

Type: Configuration

Product: sudo

Operating System: ubuntu groovy 20.10

Trait: 
{  "fixed": "1.9.1-1ubuntu1.1"}

Source: ubuntu

Type: Configuration

Product: sudo

Operating System: ubuntu trusty 14.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: sudo

Operating System: ubuntu xenial 16.04

Trait: 
{  "fixed": "1.8.16-0ubuntu1.10"}

Source: ubuntu

Type: Configuration

Product: sudo

Operating System: rhel 6

Trait: 
{  "fixed": "1.8.6p3-29.el6_10.4"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7

Trait: 
{  "fixed": "1.8.23-10.el7_9.1"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.2

Trait: 
{  "fixed": "1.8.6p7-17.el7_2.3"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.3

Trait: 
{  "fixed": "1.8.6p7-23.el7_3.3"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.4

Trait: 
{  "fixed": "1.8.19p2-12.el7_4.2"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.4

Trait: 
{  "fixed": "1.8.19p2-12.el7_4.2"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.4

Trait: 
{  "fixed": "1.8.19p2-12.el7_4.2"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.6

Trait: 
{  "fixed": "1.8.23-3.el7_6.2"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 7.7

Trait: 
{  "fixed": "1.8.23-4.el7_7.3"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 8

Trait: 
{  "fixed": "1.8.29-6.el8_3.1"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 8.1

Trait: 
{  "fixed": "1.8.25p1-8.el8_1.2"}

Source: redhat

Type: Configuration

Product: sudo

Operating System: rhel 8.2

Trait: 
{  "fixed": "1.8.29-5.el8_2.1"}

Source: redhat