CVE-2023-27320

Name: CVE-2023-27320
Description: Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
NVD Severity: medium

References

| Type | URI |
| --- | --- |
| MISC | https://www.sudo.ws/releases/stable/#1.9.13p2 |
| MISC | https://www.openwall.com/lists/oss-security/2023/02/28/1 |
| MLIST | http://www.openwall.com/lists/oss-security/2023/03/01/8 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/ |
| CONFIRM | https://security.netapp.com/advisory/ntap-20230413-0009/ |
| Third Party Advisory | https://security.gentoo.org/glsa/202309-12 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:sudo_project:sudo:1.9.13:-:*:*:*:*:*:* | sudo | == None | == 1.9.13 |
| cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* | sudo | >= 1.9.8 | < 1.9.13 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| sudo | 3.17-community | 1.9.12_p2-r1 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| sudo | 3.14-main | 1.9.12_p2-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| sudo | 3.15-main | 1.9.13-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |