← back
CVE-2021-3156

CVE-2021-3156

CVSS 7.8 HIGHEPSS 99.3%● KEVCWE-193
In short

Sudo has a flaw where a specially crafted command ending with a backslash can overflow memory and let an attacker gain root access. This affects older versions of Sudo and can be exploited through the sudoedit command.

Technical detail

An off-by-one error in Sudo versions before 1.9.5p2 leads to heap-based buffer overflow when processing sudoedit with the -s flag followed by arguments terminating in a backslash. This allows local privilege escalation to root; requires sudoedit functionality to be available to the user.

Summary generated and translated by AI from the official description.
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found90
githubgithub.com/blasty/CVE-2021-31561014githubgithub.com/worawit/CVE-2021-3156800githubgithub.com/stong/CVE-2021-3156431githubgithub.com/LiveOverflow/pwnedit227githubgithub.com/Rvn0xsy/CVE-2021-3156-plus205githubgithub.com/CptGibbon/CVE-2021-3156158githubgithub.com/reverse-ex/CVE-2021-3156112githubgithub.com/0x4ndy/clif100githubgithub.com/0xdevil/CVE-2021-315651githubgithub.com/mbcrump/CVE-2021-315639githubgithub.com/mr-r3b00t/CVE-2021-315635githubgithub.com/PhuketIsland/CVE-2021-3156-centos730githubgithub.com/kernelzeroday/CVE-2021-3156-Baron-Samedit17githubgithub.com/jm33-m0/CVE-2021-315616githubgithub.com/redhawkeye/sudo-exploit15githubgithub.com/chenaotian/CVE-2021-315611githubgithub.com/Maalfer/Sudo-CVE-2021-31568githubgithub.com/apogiatzis/docker-CVE-2021-31567githubgithub.com/PurpleOzone/PE_CVE-CVE-2021-31567githubgithub.com/1N53C/CVE-2021-3156-PoC7githubgithub.com/teamtopkarl/CVE-2021-31567githubgithub.com/Mhackiori/CVE-2021-31566githubgithub.com/dinhbaouit/CVE-2021-31565githubgithub.com/yaunsky/cve-2021-31565githubgithub.com/lmol/CVE-2021-31564githubgithub.com/baka9moe/CVE-2021-3156-Exp4githubgithub.com/elbee-cyber/CVE-2021-3156-PATCHER3githubgithub.com/kal1gh0st/CVE-2021-31563githubgithub.com/ph4ntonn/CVE-2021-31563githubgithub.com/musergi/CVE-2021-31562githubgithub.com/lypd0/CVE-2021-3156-checker2githubgithub.com/Q4n/CVE-2021-31562githubgithub.com/SantiagoSerrao/ScannerCVE-2021-31561githubgithub.com/nobodyatall648/CVE-2021-31561githubgithub.com/DASICS-ICT/DASICS-CVE-2021-31561githubgithub.com/q77190858/CVE-2021-31561githubgithub.com/RodricBr/CVE-2021-31561githubgithub.com/binw2018/CVE-2021-3156-SCRIPT1githubgithub.com/0x7183/CVE-2021-31561githubgithub.com/unauth401/CVE-2021-31561githubgithub.com/TheFlash2k/CVE-2021-31561githubgithub.com/donghyunlee00/CVE-2021-31561githubgithub.com/BearCat4/CVE-2021-31561githubgithub.com/DDayLuong/CVE-2021-31560githubgithub.com/Robblackcatchai/porfolio-Baron-Samedit0githubgithub.com/nexcess/sudo_cve-2021-31560githubgithub.com/ymrsmns/CVE-2021-31560githubgithub.com/freeFV/CVE-2021-31560githubgithub.com/Ashish-dawani/CVE-2021-3156-Patch0githubgithub.com/DanielAzulayy/CTF-20210githubgithub.com/cdeletre/Serpentiel-CVE-2021-31560githubgithub.com/perlun/sudo-1.8.3p1-patched0githubgithub.com/gmldbd94/cve-2021-31560githubgithub.com/oneoy/CVE-2021-31560githubgithub.com/capturingcats/CVE-2021-31560githubgithub.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build0githubgithub.com/Exodusro/CVE-2021-31560githubgithub.com/sbladiamond/CVE-2021-31560githubgithub.com/d3c3ptic0n/CVE-2021-31560githubgithub.com/halissha/CVE-2021-31560githubgithub.com/sharkmoos/Baron-Samedit0githubgithub.com/arvindshima/CVE-2021-31560githubgithub.com/HuzaifaTariqAfzalKhan/CVE-Exploit-Research-Development-ITSOLERA0githubgithub.com/VilmarTuminskii/cve-2021-3156-sudo-lab0githubgithub.com/DakerQirszh/cve-2021-31560githubgithub.com/TheLeopard65/CVE-2021-3156-Baron-Samedit0githubgithub.com/Rana-Ali93/CVE-2021-3156-Sudo-Buffer-Overflow-Linux0githubgithub.com/calonnuotcabe/CVE-2021-31560githubgithub.com/Kranti08/CVE-2021-3156-Baron-Samedit0githubgithub.com/hycheng15/CVE-2021-31560githubgithub.com/mutur4/CVE-2021-31560githubgithub.com/asepsaepdin/CVE-2021-31560githubgithub.com/ngtuonghung/CVE-2021-31560githubgithub.com/wurwur/CVE-2021-31560githubgithub.com/acidburn2049/CVE-2021-31560githubgithub.com/Bad3r/CVE-2021-3156-without-ip-command0githubgithub.com/Sebastianbedoya25/CVE-2021-31560githubgithub.com/czeti/baron-samedit0githubgithub.com/Sornphut/CVE-2021-3156-Heap-Based-Buffer-Overflow-in-Sudo-Baron-Samedit-0githubgithub.com/shishirpandey18/CVE-2021-31560githubgithub.com/Shuhaib88/Baron-Samedit-Heap-Buffer-Overflow-CVE-2021-31560githubgithub.com/Superliverbun/cve-2021-3156-0githubgithub.com/TopskiyPavelQwertyGang/Review.CVE-2021-31560cve_referencepacketstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49521unverifiedcve_referencepacketstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.htmlunverifiedcve_referencepacketstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49522unverifiedcve_referencepacketstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2021/Feb/42http://seclists.org/fulldisclosure/2021/Jan/79http://seclists.org/fulldisclosure/2024/Feb/3https://kc.mcafee.com/corporate/index?page=content&id=SB10348https://lists.debian.org/debian-lts-announce/2021/01/msg00022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/