CVE-2021-3156
CVE-2021-3156 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.30% chance of exploitation in the next 30 days.
Description
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sudo Project | Sudo | >= 1.8.2, < 1.8.32 |
| Sudo Project | Sudo | >= 1.9.0, < 1.9.5 |
| Sudo Project | Sudo | 1.9.5 |
| Fedoraproject | Fedora | 32 |
| Fedoraproject | Fedora | 33 |
| Debian | Debian Linux | 9.0 |
| Debian | Debian Linux | 10.0 |
| Netapp | Active Iq Unified Manager | All versions |
| Netapp | Cloud Backup | All versions |
| Netapp | Hci Management Node | All versions |
| Netapp | Oncommand Unified Manager Core Package | All versions |
| Netapp | Ontap Select Deploy Administration Utility | All versions |
| Netapp | Ontap Tools | 9 |
| Netapp | Solidfire | All versions |
| Mcafee | Web Gateway | 8.2.17 |
| Mcafee | Web Gateway | 9.2.8 |
| Mcafee | Web Gateway | 10.0.4 |
| Synology | Diskstation Manager Unified Controller | 3.0 |
| Synology | Diskstation Manager | 6.2 |
| Synology | Skynas Firmware | All versions |
| Synology | Vs960hd Firmware | All versions |
| Beyondtrust | Privilege Management For Mac | < 21.1.1 |
| Beyondtrust | Privilege Management For Unix/Linux | < 10.3.2-10 |
| Oracle | Micros Compact Workstation 3 Firmware | 310 |
| Oracle | Micros Es400 Firmware | >= 400, <= 410 |
| Oracle | Micros Kitchen Display System Firmware | 210 |
| Oracle | Micros Workstation 5a Firmware | 5a |
| Oracle | Micros Workstation 6 Firmware | >= 610, <= 655 |
| Oracle | Communications Performance Intelligence Center | >= 10.3.0.0.0, <= 10.3.0.2.1 |
| Oracle | Communications Performance Intelligence Center | >= 10.4.0.1.0, <= 10.4.0.3.1 |
| Oracle | Tekelec Platform Distribution | >= 7.4.0, <= 7.7.1 |
References
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2021/Feb/42 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Jan/79 (Exploit, Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Feb/3 (Exploit, Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/01/26/3 (Exploit, Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/01/27/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/01/27/2 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/02/15/1 (Exploit, Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2021/09/14/2 (Mailing List, Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2024/01/30/6 (Exploit, Mailing List)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10348 (Broken Link, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html (Mailing List, Third Party Advisory)
- https://security.gentoo.org/glsa/202101-33 (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210128-0001/ (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210128-0002/ (Third Party Advisory)
- https://support.apple.com/kb/HT212177 (Third Party Advisory)
- https://www.debian.org/security/2021/dsa-4839 (Third Party Advisory)
- https://www.kb.cert.org/vuls/id/794544 (Third Party Advisory, US Government Resource)
- https://www.openwall.com/lists/oss-security/2021/01/26/3 (Exploit, Mailing List, Third Party Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2022.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
- https://www.sudo.ws/stable.html#1.9.5p2 (Release Notes)
- https://www.synology.com/security/advisory/Synology_SA_21_02 (Third Party Advisory)
- https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156 (Exploit, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156 (US Government Resource)
Source: NVD / NIST
