VDB

GCVE-110-CERTCC-2021-794544

GCVE-110-CERTCC-2021-794544
Advisory Published
Vulnetix · Advisory published January 26, 2021
### Overview A heap-based overflow has been discovered in the `set_cmd()` function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges. ### Description From the [Sudo Main Page](https://sudo.ws): > Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. It is possible for a local Non-administrative user to exploit this vulnerability to elevate their privileges so that they can execute commands with administrator privileges. The team at [Qualys](https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit) assigned this vulnerability CVE-2021-3156 and found multiple \*nix operating systems were vulnerable, including Fedora, Debian, and Ubuntu. A blog update from February 3, 2021, reports that macOS, AIX, and Solaris may be vulnerable, but Qualys had not yet confirmed this. There is [additional reporting](https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/) that other operating systems are affected, including Apple’s Big Sur. ### Impact If an attacker has local access to an affected machine then it is possible for them to execute commands with administrator privileges. ### Solution **Apply an Update** Update sudo to the latest version to address this vulnerability when operationally feasible. This issue is resolved in sudo version 1.9.5p2. Please install this version, or a version from your distribution that has the fix applied to it ### Acknowledgements This vulnerability was researched and reported by the Qualys Research Team. This document was written by Timur Snoke.

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›