CVE-2021-3156
Summary
| CVE | CVE-2021-3156 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-26 21:15:00 UTC |
| Updated | 2024-02-04 09:15:00 UTC |
| Description | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. |
Risk And Classification
EPSS: 0.924830000 probability, percentile 0.997300000 (date 2026-04-01)
CISA KEV: Listed on 2022-04-06; due 2022-04-27; ransomware use Unknown
Problem Types: CWE-193
CISA Known Exploited Vulnerability
| Vendor | Sudo |
|---|---|
| Product | Sudo |
| Name | Sudo Heap-Based Buffer Overflow Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2021-3156 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Beyondtrust | Privilege Management For Mac | All | All | All | All |
| Application | Beyondtrust | Privilege Management For Unix/linux | All | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Application | Mcafee | Web Gateway | 8.2.17 | All | All | All |
| Application | Mcafee | Web Gateway | 9.2.8 | All | All | All |
| Application | Mcafee | Web Gateway | 10.0.4 | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Oncommand Unified Manager Core Package | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Oracle | Communications Performance Intelligence Center | All | All | All | All |
| Hardware | Oracle | Micros Compact Workstation 3 | - | All | All | All |
| Operating System | Oracle | Micros Compact Workstation 3 Firmware | 310 | All | All | All |
| Hardware | Oracle | Micros Es400 | - | All | All | All |
| Operating System | Oracle | Micros Es400 Firmware | All | All | All | All |
| Hardware | Oracle | Micros Kitchen Display System | - | All | All | All |
| Operating System | Oracle | Micros Kitchen Display System Firmware | 210 | All | All | All |
| Hardware | Oracle | Micros Workstation 5a | - | All | All | All |
| Operating System | Oracle | Micros Workstation 5a Firmware | 5a | All | All | All |
| Hardware | Oracle | Micros Workstation 6 | - | All | All | All |
| Operating System | Oracle | Micros Workstation 6 Firmware | All | All | All | All |
| Application | Oracle | Tekelec Platform Distribution | All | All | All | All |
| Application | Sudo Project | Sudo | All | All | All | All |
| Application | Sudo Project | Sudo | 1.9.5 | - | All | All |
| Application | Sudo Project | Sudo | 1.9.5 | patch1 | All | All |
| Application | Synology | Diskstation Manager | 6.2 | All | All | All |
| Application | Synology | Diskstation Manager Unified Controller | 3.0 | All | All | All |
| Hardware | Synology | Skynas | - | All | All | All |
| Operating System | Synology | Skynas Firmware | - | All | All | All |
| Hardware | Synology | Vs960hd | - | All | All | All |
| Operating System | Synology | Vs960hd Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| oss-security - Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) | MISC | www.openwall.com | Exploit, Mailing List, Third Party Advisory |
| CVE-2021-3156 Sudo Vulnerability in NetApp Products - NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| oss-security - Re: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() | | www.openwall.com | |
| Full Disclosure: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) | FULLDISC | seclists.org | Exploit, Mailing List, Third Party Advisory |
| glibc syslog() Heap-Based Buffer Overflow ≈ Packet Storm | | packetstormsecurity.com | |
| Sudo Stable Release | CONFIRM | www.sudo.ws | Release Notes, Vendor Advisory |
| Sudo Buffer Overflow / Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| [SECURITY] Fedora 32 Update: sudo-1.9.5p2-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| [SECURITY] [DLA 2534-1] sudo security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| oss-security - CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() | | www.openwall.com | |
| Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021 | CISCO | tools.cisco.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - July 2021 | N/A | www.oracle.com | |
| CVE-2020-8585 Sensitive Information Disclosure Vulnerability in OnCommand Unified Manager Core Package - NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| Debian -- Security Information -- DSA-4839-1 sudo | DEBIAN | www.debian.org | Third Party Advisory |
| Sudo Heap-Based Buffer Overflow ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| oss-security - Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit | MLIST | www.openwall.com | Exploit, Mailing List, Third Party Advisory |
| [SECURITY] Fedora 33 Update: sudo-1.9.5p2-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Full Disclosure: CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() | | seclists.org | |
| VU#794544 - Heap-Based Buffer Overflow in Sudo | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| oss-security - Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) | MLIST | www.openwall.com | Exploit, Mailing List, Third Party Advisory |
| Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| oss-security - Re: Oracle Solaris membership in the distros list | MLIST | www.openwall.com | |
| McAfee Security Bulletin - Status and updates for Linux sudo vulnerability (CVE-2021-3156) | CONFIRM | kc.mcafee.com | Third Party Advisory |
| sudo: Multiple vulnerabilities (GLSA 202101-33) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| Security Advisory: Privilege Management for Unix & Linux Basic & Privilege Management for Mac - BeyondTrust | MISC | www.beyondtrust.com | Patch, Third Party Advisory |
| Full Disclosure: APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| About the security content of macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002 - Apple Support | CONFIRM | support.apple.com | Third Party Advisory |
| Synology Inc. | CONFIRM | www.synology.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159156 Oracle Enterprise Linux Security Update for sudo (ELSA-2021-9169)
- 174831 SUSE Enterprise Linux Security update for sudo (SUSE-SU-2021:0928-1)
- 174850 SUSE Enterprise Linux Security update for sudo (SUSE-SU-2021:0928-1)
- 174930 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2021:1275-1)
- 174931 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2021:1274-1)
- 174932 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2021:1273-1)
- 180137 Debian Security Update for sudo (CVE-2021-3156)
- 375648 Centrify Service Suite agent (DirectControl) Privilege Escalation Vulnerability
- 376875 Alibaba Cloud Linux Security Update for sudo (ALINUX2-SA-2021:0003)
- 377324 Alibaba Cloud Linux Security Update for sudo (ALINUX3-SA-2022:0113)
- 390227 Oracle Managed Virtualization (VM) Server for x86 Security Update for sudo (OVMSA-2021-0012)
- 390235 Oracle Managed Virtualization (VM) Server for x86 Security Update for sudo (OVMSA-2021-0003)
- 43855 HPE ArubaOS Sudo Privilege Escalation Vulnerability (ARUBA-PSA-2021-015)
- 500678 Alpine Linux Security Update for sudo
- 506250 Alpine Linux Security Update for sudo
- 670208 EulerOS Security Update for sudo (EulerOS-SA-2021-1707)
- 690352 Free Berkeley Software Distribution (FreeBSD) Security Update for sudo (f3cf4b33-6013-11eb-9a0e-206a8a720317)
- 730227 McAfee Web Gateway Multiple Vulnerabilities (WP-3426, WP-3427, WP-3307, WP-3444, WP-3452, WP-3475)
- 750253 OpenSUSE Security Update for sudo (openSUSE-SU-2021:0602-1)
- 940237 AlmaLinux Security Update for sudo (ALSA-2021:0218)