CVE-2023-28487

Summary

CVE	CVE-2023-28487
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-16 01:15:00 UTC
Updated	2024-02-03 11:15:00 UTC
Description	Sudo before 1.9.13 does not escape control characters in sudoreplay output.

Risk And Classification

Problem Types: CWE-116

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Sudo Project	Sudo	All	All	All	All

References

Reference	Source	Link	Tags
Release Sudo 1.9.13 · sudo-project/sudo · GitHub	MISC	github.com
March 2023 Sudo Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
sudo: Multiple Vulnerabilities (GLSA 202309-12) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] [DLA 3732-1] sudo security update		lists.debian.org
Escape control characters in log messages and "sudoreplay -l" output. · sudo-project/sudo@334daf9 · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

161354 Oracle Enterprise Linux Security Update for sudo (ELSA-2024-0811)
181964 Debian Security Update for sudo (CVE-2023-28487)
199279 Ubuntu Security Notification for Sudo Vulnerabilities (USN-6005-1)
199474 Ubuntu Security Notification for Sudo Vulnerabilities (USN-6005-2)
242925 Red Hat Update for sudo (RHSA-2024:0811)
355109 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355193 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355289 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355293 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355298 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355299 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355304 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355310 Amazon Linux Security Advisory for sudo : ALAS-2023-135
355311 Amazon Linux Security Advisory for sudo : ALAS2023-2023-135
356417 Amazon Linux Security Advisory for sudo : ALAS2-2023-2301
379648 Alibaba Cloud Linux Security Update for sudo (ALINUX3-SA-2024:0034)
6000466 Debian Security Update for sudo (DLA 3732-1)
672916 EulerOS Security Update for sudo (EulerOS-SA-2023-1831)
672949 EulerOS Security Update for sudo (EulerOS-SA-2023-1813)
673481 EulerOS Security Update for sudo (EulerOS-SA-2023-2670)
673514 EulerOS Security Update for sudo (EulerOS-SA-2023-2712)
710752 Gentoo Linux sudo Multiple Vulnerabilities (GLSA 202309-12)
753854 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:1659-1)
753855 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:1699-1)
753856 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:1698-1)
753877 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:1700-1)
906702 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (25642-1)
941577 AlmaLinux Security Update for sudo (ALSA-2024:0811)