Vulnerability details: VCID-5xpt-5e4h-f7c7
Vulnerability ID VCID-5xpt-5e4h-f7c7
Aliases CVE-2021-3156
Summary Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
cvssv3.1 7.8 http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
ssvc Attend http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
ssvc Attend http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
ssvc Attend http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
ssvc Attend http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
ssvc Attend http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
cvssv3 7.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json
epss 0.92019 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92188 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92263 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92348 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
epss 0.92492 https://api.first.org/data/v1/epss?cve=CVE-2021-3156
cvssv3.1 7.8 http://seclists.org/fulldisclosure/2021/Feb/42
ssvc Attend http://seclists.org/fulldisclosure/2021/Feb/42
cvssv3.1 7.8 http://seclists.org/fulldisclosure/2021/Jan/79
ssvc Attend http://seclists.org/fulldisclosure/2021/Jan/79
cvssv3.1 7.8 http://seclists.org/fulldisclosure/2024/Feb/3
ssvc Attend http://seclists.org/fulldisclosure/2024/Feb/3
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.8 https://kc.mcafee.com/corporate/index?page=content&id=SB10348
ssvc Attend https://kc.mcafee.com/corporate/index?page=content&id=SB10348
cvssv3.1 7.8 https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
ssvc Attend https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
cvssv3.1 7.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
cvssv3.1 7.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
ssvc Attend https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
cvssv2 7.2 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
archlinux Critical https://security.archlinux.org/AVG-1431
cvssv3.1 7.8 https://security.gentoo.org/glsa/202101-33
ssvc Attend https://security.gentoo.org/glsa/202101-33
cvssv3.1 7.8 https://security.netapp.com/advisory/ntap-20210128-0001/
ssvc Attend https://security.netapp.com/advisory/ntap-20210128-0001/
cvssv3.1 7.8 https://security.netapp.com/advisory/ntap-20210128-0002/
ssvc Attend https://security.netapp.com/advisory/ntap-20210128-0002/
cvssv3.1 7.8 https://support.apple.com/kb/HT212177
ssvc Attend https://support.apple.com/kb/HT212177
cvssv3.1 7.8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
ssvc Attend https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
cvssv3.1 7.8 https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
ssvc Attend https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
cvssv3.1 7.8 https://www.debian.org/security/2021/dsa-4839
ssvc Attend https://www.debian.org/security/2021/dsa-4839
cvssv3.1 7.8 https://www.kb.cert.org/vuls/id/794544
ssvc Attend https://www.kb.cert.org/vuls/id/794544
cvssv3.1 7.8 https://www.openwall.com/lists/oss-security/2021/01/26/3
ssvc Attend https://www.openwall.com/lists/oss-security/2021/01/26/3
cvssv3.1 7.8 https://www.oracle.com/security-alerts/cpuapr2022.html
ssvc Attend https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1 7.8 https://www.oracle.com//security-alerts/cpujul2021.html
ssvc Attend https://www.oracle.com//security-alerts/cpujul2021.html
cvssv3.1 7.8 https://www.oracle.com/security-alerts/cpuoct2021.html
ssvc Attend https://www.oracle.com/security-alerts/cpuoct2021.html
cvssv3.1 7.8 https://www.sudo.ws/stable.html#1.9.5p2
ssvc Attend https://www.sudo.ws/stable.html#1.9.5p2
cvssv3.1 7.8 https://www.synology.com/security/advisory/Synology_SA_21_02
ssvc Attend https://www.synology.com/security/advisory/Synology_SA_21_02
cvssv3.1 7.8 https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
ssvc Attend https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/01/26/3
ssvc Attend http://www.openwall.com/lists/oss-security/2021/01/26/3
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/01/27/1
ssvc Attend http://www.openwall.com/lists/oss-security/2021/01/27/1
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/01/27/2
ssvc Attend http://www.openwall.com/lists/oss-security/2021/01/27/2
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/02/15/1
ssvc Attend http://www.openwall.com/lists/oss-security/2021/02/15/1
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2021/09/14/2
ssvc Attend http://www.openwall.com/lists/oss-security/2021/09/14/2
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2024/01/30/6
ssvc Attend http://www.openwall.com/lists/oss-security/2024/01/30/6
cvssv3.1 7.8 http://www.openwall.com/lists/oss-security/2024/01/30/8
ssvc Attend http://www.openwall.com/lists/oss-security/2024/01/30/8
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
1 http://www.openwall.com/lists/oss-security/2021/01/27/1
1 http://www.openwall.com/lists/oss-security/2021/02/15/1
1917684 https://bugzilla.redhat.com/show_bug.cgi?id=1917684
2 http://www.openwall.com/lists/oss-security/2021/01/27/2
2 http://www.openwall.com/lists/oss-security/2021/09/14/2
202101-33 https://security.gentoo.org/glsa/202101-33
3 http://seclists.org/fulldisclosure/2024/Feb/3
3 https://www.openwall.com/lists/oss-security/2021/01/26/3
3 http://www.openwall.com/lists/oss-security/2021/01/26/3
42 http://seclists.org/fulldisclosure/2021/Feb/42
6 http://www.openwall.com/lists/oss-security/2024/01/30/6
79 http://seclists.org/fulldisclosure/2021/Jan/79
794544 https://www.kb.cert.org/vuls/id/794544
8 http://www.openwall.com/lists/oss-security/2024/01/30/8
ASA-202101-25 https://security.archlinux.org/ASA-202101-25
AVG-1431 https://security.archlinux.org/AVG-1431
CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
cisco-sa-sudo-privesc-jan2021-qnYQfcM https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:privilege_management_for_unix\/linux:*:*:*:*:basic:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:beyondtrust:privilege_management_for_unix\/linux:*:*:*:*:basic:*:*:*
cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
CVE-2021-3156 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49521.py
CVE-2021-3156 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/49522.c
CVE-2021-3156 https://nvd.nist.gov/vuln/detail/CVE-2021-3156
dsa-4839 https://www.debian.org/security/2021/dsa-4839
glibc-syslog-Heap-Based-Buffer-Overflow.html http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
HT212177 https://support.apple.com/kb/HT212177
index?page=content&id=SB10348 https://kc.mcafee.com/corporate/index?page=content&id=SB10348
LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
msg00022.html https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
ntap-20210128-0001 https://security.netapp.com/advisory/ntap-20210128-0001/
ntap-20210128-0002 https://security.netapp.com/advisory/ntap-20210128-0002/
RHSA-2021:0218 https://access.redhat.com/errata/RHSA-2021:0218
RHSA-2021:0219 https://access.redhat.com/errata/RHSA-2021:0219
RHSA-2021:0220 https://access.redhat.com/errata/RHSA-2021:0220
RHSA-2021:0221 https://access.redhat.com/errata/RHSA-2021:0221
RHSA-2021:0222 https://access.redhat.com/errata/RHSA-2021:0222
RHSA-2021:0223 https://access.redhat.com/errata/RHSA-2021:0223
RHSA-2021:0224 https://access.redhat.com/errata/RHSA-2021:0224
RHSA-2021:0225 https://access.redhat.com/errata/RHSA-2021:0225
RHSA-2021:0226 https://access.redhat.com/errata/RHSA-2021:0226
RHSA-2021:0227 https://access.redhat.com/errata/RHSA-2021:0227
RHSA-2021:0395 https://access.redhat.com/errata/RHSA-2021:0395
RHSA-2021:0401 https://access.redhat.com/errata/RHSA-2021:0401
security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
stable.html#1.9.5p2 https://www.sudo.ws/stable.html#1.9.5p2
Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
Sudo-Buffer-Overflow-Privilege-Escalation.html http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
sudoedit-pwned-cve-2021-3156 https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Sudo-Heap-Based-Buffer-Overflow.html http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
Synology_SA_21_02 https://www.synology.com/security/advisory/Synology_SA_21_02
USN-4705-1 https://usn.ubuntu.com/4705-1/
USN-4705-2 https://usn.ubuntu.com/4705-2/
Data source Metasploit
Description A heap-based buffer overflow exists in the sudo command-line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects versions 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory so that it references an attacker-controlled library, which is then loaded with the elevated privileges held by sudo.
Note
AKA:
  - Baron Samedit
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Stability:
  - crash-safe
Ransomware campaign use Unknown
Source publication date Jan. 26, 2021
Platform Linux, Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/sudo_baron_samedit.rb
Data source Exploit-DB
Date added Feb. 3, 2021
Description Sudo 1.9.5p1 - 'Baron Samedit' Heap-Based Buffer Overflow Privilege Escalation (2)
Ransomware campaign use Unknown
Source publication date Feb. 3, 2021
Exploit type local
Platform multiple
Source update date Feb. 3, 2021
Data source KEV
Date added April 6, 2022
Description Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
Required action Apply updates per vendor instructions.
Due date April 27, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
Attack Vector (AV) local
Attack Complexity (AC) low
Privileges Required (PR) low
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3156.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Feb/42
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2021/Feb/42
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2021/Jan/79
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2021/Jan/79
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2024/Feb/3
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://seclists.org/fulldisclosure/2024/Feb/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10348
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10348
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Access Vector (AV) local
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202101-33
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.gentoo.org/glsa/202101-33
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210128-0001/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.netapp.com/advisory/ntap-20210128-0001/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20210128-0002/
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://security.netapp.com/advisory/ntap-20210128-0002/
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/kb/HT212177
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://support.apple.com/kb/HT212177
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4839
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.debian.org/security/2021/dsa-4839
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.kb.cert.org/vuls/id/794544
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.kb.cert.org/vuls/id/794544
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com//security-alerts/cpujul2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.sudo.ws/stable.html#1.9.5p2
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.sudo.ws/stable.html#1.9.5p2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.synology.com/security/advisory/Synology_SA_21_02
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.synology.com/security/advisory/Synology_SA_21_02
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/26/3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/27/1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/27/1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/01/27/2
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/01/27/2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/02/15/1
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/02/15/1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/09/14/2
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2021/09/14/2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/01/30/6
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2024/01/30/6
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/01/30/8
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T15:43:52Z/ Found at http://www.openwall.com/lists/oss-security/2024/01/30/8
Exploit Prediction Scoring System (EPSS)
Percentile 0.99698
EPSS Score 0.92019
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:42:19.919032+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/4705-2/ 37.0.0