CVE-2023-28487

Name

CVE-2023-28487

Description

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
MISC	https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
CONFIRM	https://security.netapp.com/advisory/ntap-20230420-0002/
Third Party Advisory	https://security.gentoo.org/glsa/202309-12
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:sudo_project:sudo::::::::`	sudo	>= None	< 1.9.13

Source package	Branch	Version	Maintainer	Status
sudo	edge-main	1.9.5p2-r0	None	possibly vulnerable
sudo	edge-main	1.9.5-r0	None	possibly vulnerable
sudo	edge-main	1.8.31-r0	None	possibly vulnerable
sudo	edge-main	1.8.28-r0	None	possibly vulnerable
sudo	edge-main	1.8.20_p2-r0	None	possibly vulnerable
sudo	edge-community	1.9.12_p2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
sudo	edge-community	1.9.5p2-r0	None	possibly vulnerable
sudo	edge-community	1.9.5_p2-r0	None	possibly vulnerable
sudo	edge-community	1.9.5-r0	None	possibly vulnerable
sudo	edge-community	1.8.31-r0	None	possibly vulnerable
sudo	edge-community	1.8.28-r0	None	possibly vulnerable
sudo	edge-community	1.8.20_p2-r0	None	possibly vulnerable
sudo	3.22-community	1.9.12_p2-r0	None	possibly vulnerable
sudo	3.22-community	1.9.5_p2-r0	None	possibly vulnerable
sudo	3.22-community	1.9.5-r0	None	possibly vulnerable
sudo	3.22-community	1.8.31-r0	None	possibly vulnerable
sudo	3.22-community	1.8.28-r0	None	possibly vulnerable
sudo	3.22-community	1.8.20_p2-r0	None	possibly vulnerable
sudo	3.17-community	1.9.12_p2-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable