CVE-2022-43995

Summary

CVE	CVE-2022-43995
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-02 14:15:00 UTC
Updated	2022-12-06 00:15:00 UTC
Description	Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sudo Project	Sudo	All	All	All	All
Application	Sudo Project	Sudo	1.9.12	-	All	All
Application	Sudo Project	Sudo	All	All	All	All

References

Reference	Source	Link	Tags
Security Advisories \| Sudo	MISC	www.sudo.ws
sudo: Heap-Based Buffer Overread (GLSA 202211-08) — Gentoo security	GENTOO	security.gentoo.org
2139911 – (CVE-2022-43995) CVE-2022-43995 sudo: heap-based overflow with very small passwords	MISC	bugzilla.redhat.com
Sudo: Heap-based overflow with small passwords \| Hacker News	MISC	news.ycombinator.com
Fix CVE-2022-43995, potential heap overflow for passwords < 8 charact… · sudo-project/sudo@bd209b9 · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

182565 Debian Security Update for sudo (CVE-2022-43995)
355189 Amazon Linux Security Advisory for sudo : ALAS2023-2023-106
502640 Alpine Linux Security Update for sudo
672490 EulerOS Security Update for sudo (EulerOS-SA-2023-1047)
672507 EulerOS Security Update for sudo (EulerOS-SA-2023-1022)
672551 EulerOS Security Update for sudo (EulerOS-SA-2023-1137)
672553 EulerOS Security Update for sudo (EulerOS-SA-2023-1113)
672608 EulerOS Security Update for sudo (EulerOS-SA-2023-1337)
672623 EulerOS Security Update for sudo (EulerOS-SA-2023-1400)
672646 EulerOS Security Update for sudo (EulerOS-SA-2023-1372)
672764 EulerOS Security Update for sudo (EulerOS-SA-2023-1516)
690976 Free Berkeley Software Distribution (FreeBSD) Security Update for sudo (3310014a-5ef9-11ed-812b-206a8a720317)
710681 Gentoo Linux sudo Heap-Based Buffer Overread Vulnerability (GLSA 202211-08)
752784 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2022:3938-1)
752805 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2022:4001-1)
752856 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2022:4240-1)
752928 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2022:4077-1)
752942 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2022:4280-1)
904438 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (11423)
904471 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (11400)
904534 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (11423-1)
904586 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (11400-1)