VDB
CVE-2002-0184
CVE-2002-0184
PUBLISHED
CVSS 7.199999809265137 HIGH
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
EPSS 0.21% · 43.8th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
0.21%
43.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| debian | debian_linux | 2.2 |
| sudo_project | sudo | 0 |
Timeline
- May 16, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
References
- 20020425 Sudo version 1.6.6 now available (fwd) mailing-list
- DSA-128 vendor-advisory
- 20020425 [slackware-security] sudo upgrade fixes a potential vulnerability mailing-list
- RHSA-2002:071 vendor-advisory
- VU#820083 third-party-advisory
- SuSE-SA:2002:014 vendor-advisory
- 20020425 [Global InterSec 2002041701] Sudo Password Prompt mailing-list
- CLA-2002:475 vendor-advisory
- sudo-password-expansion-overflow(8936) vdb
- 4593 vdb
- ESA-20020429-010 vendor-advisory
- TSLSA-2002-0046 vendor-advisory
- RHSA-2002:072 vendor-advisory
- MDKSA-2002:028 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-0184 advisory