CVE-2021-3156 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	No
Type	Privilege escalation
Description	A serious heap-based buffer overflow has been discovered in sudo before version 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1431	sudo	1.9.4.p2-2	1.9.5.p2-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
20 Jan 2021	ASA-202101-25	AVG-1431	sudo	Critical	multiple issues

References
https://www.sudo.ws/alerts/unescape_overflow.html https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit https://www.openwall.com/lists/oss-security/2021/01/26/3 https://www.sudo.ws/repos/sudo/rev/9b97f1787804 https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b https://www.sudo.ws/repos/sudo/rev/049ad90590be https://www.sudo.ws/repos/sudo/rev/09f98816fc89 https://www.sudo.ws/repos/sudo/rev/c125fbe68783

References

https://www.sudo.ws/alerts/unescape_overflow.html
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
https://www.openwall.com/lists/oss-security/2021/01/26/3
https://www.sudo.ws/repos/sudo/rev/9b97f1787804
https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
https://www.sudo.ws/repos/sudo/rev/049ad90590be
https://www.sudo.ws/repos/sudo/rev/09f98816fc89
https://www.sudo.ws/repos/sudo/rev/c125fbe68783