CVE-2021-3156

7.8 HIGH

Published: 2021-01-26 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-193

Affected products

Vendor | Product
beyondtrust | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
debian | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
fedoraproject | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
mcafee | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
netapp | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
oracle | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
sudo_project | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center
synology | active_iq_unified_manager, cloud_backup, communications_performance_intelligence_center

Description

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-35273 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management) (9.8 CRITICAL)
  • CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
  • CVE-2024-47273 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology ... (4.3 MEDIUM)
  • CVE-2024-47263 An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in ... (4.1 MEDIUM)
  • CVE-2023-52951 A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle... (5.9 MEDIUM)

Same CWE

  • CVE-2026-8357 LibreOffice Calc compiles cell formulas when opening a spreadsheet
  • CVE-2026-54410 nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows ... (8.6 HIGH)
  • CVE-2026-46559 ImageMagick is free and open-source software used for editing and manipulating digital images (4.0 MEDIUM)
  • CVE-2026-45380 bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files (3.6 LOW)
  • CVE-2026-45358 ImageMagick is free and open-source software used for editing and manipulating digital images (5.3 MEDIUM)