VulnerableCode Package Details - pkg:deb/debian/sudo@1.9.13p3-1%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1xsy-7b37-w3dr	Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.	CVE-2025-32462
VCID-3xw3-qsu9-euhh	Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.	CVE-2022-43995
VCID-7f62-1mzt-jqc2	Sudo before 1.9.13 does not escape control characters in log messages.	CVE-2023-28486
VCID-awhy-qhdu-9qaf	sudo: Targeted Corruption of Register and Stack Variables	CVE-2023-42465
VCID-f83t-jkwc-d3du	Sudo before 1.9.13 does not escape control characters in sudoreplay output.	CVE-2023-28487

Vulnerability

Summary

Aliases

VCID-1xsy-7b37-w3dr

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

CVE-2025-32462

VCID-3xw3-qsu9-euhh

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

CVE-2022-43995

VCID-7f62-1mzt-jqc2

Sudo before 1.9.13 does not escape control characters in log messages.

CVE-2023-28486

VCID-awhy-qhdu-9qaf

sudo: Targeted Corruption of Register and Stack Variables

CVE-2023-42465

VCID-f83t-jkwc-d3du

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

CVE-2023-28487

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-09-10T01:18:58.672535+00:00	Debian Oval Importer	Fixing	VCID-1xsy-7b37-w3dr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T19:50:18.254428+00:00	Debian Importer	Fixing	VCID-f83t-jkwc-d3du	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T19:39:11.846914+00:00	Debian Importer	Fixing	VCID-7f62-1mzt-jqc2	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-09-09T18:56:31.601306+00:00	Debian Importer	Fixing	VCID-3xw3-qsu9-euhh	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:32:25.231424+00:00	Debian Importer	Fixing	VCID-awhy-qhdu-9qaf	https://security-tracker.debian.org/tracker/data/json	37.0.0