FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3310014a-5ef9-11ed-812b-206a8a720317	sudo -- Potential out-of-bounds write for small passwords SO-AND-SO reports: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. Discovery 2022-11-07 Entry 2022-11-07 sudo >= 1.8.0 lt 1.9.12p1 CVE-2022-43995 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43995
f3cf4b33-6013-11eb-9a0e-206a8a720317	sudo -- Multiple vulnerabilities Todd C. Miller reports: When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. Discovery 2021-01-26 Entry 2021-01-26 sudo < 1.9.5p2 https://www.sudo.ws/stable.html#1.9.5p2 CVE-2021-3156

VuXML ID

Description

3310014a-5ef9-11ed-812b-206a8a720317

sudo -- Potential out-of-bounds write for small passwords

SO-AND-SO reports:

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Discovery 2022-11-07
Entry 2022-11-07
sudo

>= 1.8.0 lt 1.9.12p1

CVE-2022-43995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43995

f3cf4b33-6013-11eb-9a0e-206a8a720317

sudo -- Multiple vulnerabilities

Todd C. Miller reports:

When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.

Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.

Discovery 2021-01-26
Entry 2021-01-26
sudo

< 1.9.5p2

https://www.sudo.ws/stable.html#1.9.5p2
CVE-2021-3156