CVE-2021-3156
Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
Vulnerability Description
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Affected Platforms (CPE)
📦
Sudo Project
Sudo
>= 1.8.2 and < 1.8.32📦
Sudo Project
Sudo
>= 1.9.0 and < 1.9.5📦
Sudo Project
Sudo
= 1.9.5📦
Sudo Project
Sudo
= 1.9.5💻
Fedoraproject
Fedora
= 32💻
Fedoraproject
Fedora
= 33💻
Debian
Debian Linux
= 9.0💻
Debian
Debian Linux
= 10.0📦
Netapp
Active Iq Unified Manager
All versions📦
Netapp
Cloud Backup
All versions📦
Netapp
Hci Management Node
All versions📦
Netapp
Oncommand Unified Manager Core Package
All versions📦
Netapp
Ontap Select Deploy Administration Utility
All versions📦
Netapp
Ontap Tools
= 9📦
Netapp
Solidfire
All versions📦
Mcafee
Web Gateway
= 8.2.17📦
Mcafee
Web Gateway
= 9.2.8📦
Mcafee
Web Gateway
= 10.0.4📦
Synology
Diskstation Manager Unified Controller
= 3.0💻
Synology
Diskstation Manager
= 6.2💻
Synology
Skynas Firmware
All versions💻
Synology
Vs960hd Firmware
All versions📦
Beyondtrust
Privilege Management For Mac
< 21.1.1📦
Beyondtrust
Privilege Management For Unix\/linux
< 10.3.2-10💻
Oracle
Micros Compact Workstation 3 Firmware
= 310💻
Oracle
Micros Es400 Firmware
>= 400 and <= 410💻
Oracle
Micros Kitchen Display System Firmware
= 210💻
Oracle
Micros Workstation 5a Firmware
= 5a💻
Oracle
Micros Workstation 6 Firmware
>= 610 and <= 655📦
Oracle
Communications Performance Intelligence Center
>= 10.3.0.0.0 and <= 10.3.0.2.1📦
Oracle
Communications Performance Intelligence Center
>= 10.4.0.1.0 and <= 10.4.0.3.1📦
Oracle