Double Free Vulnerability in Sudo's Per-Command Chroot Feature
CVE-2023-27320

7.2HIGH

Key Information:

Vendor: Sudo Project
Status: Sudo
Vendor: CVE Published:; 28 February 2023

🔔 Create Sudo Project Vulnerability Alert

What is CVE-2023-27320?

A vulnerability exists in Sudo affecting versions prior to 1.9.13p2, where the per-command chroot feature is prone to a double free condition. This flaw may lead to potential exploitation by attackers, allowing unauthorized access or escalation of privileges. It is crucial for users and administrators to review their Sudo configurations and upgrade to the latest version to mitigate this risk effectively.

References

https://www.openwall.com/lists/oss-security/2023/02/28/1

https://www.sudo.ws/releases/stable/#1.9.13p2

http://www.openwall.com/lists/oss-security/2023/03/01/8

mailing-list

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Feb 28, 2023