Sudo Project: >> Sudo >> 1.9.13 Security Vulnerabilities
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
CVSS Score
7.4
EPSS Score
0.0
Published
2026-04-03
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
CVSS Score
2.8
EPSS Score
0.3
Published
2025-06-30
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-12-22
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-02-28