Sudo before 1.9.13 does not escape control characters in log messages.
References
Link | Resource |
---|---|
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca | Patch |
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 | Release Notes |
https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html | |
https://security.gentoo.org/glsa/202309-12 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230420-0002/ | Third Party Advisory |
Configurations
History
03 Feb 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2023, 01:59
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202309-12 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230420-0002/ - Third Party Advisory | |
First Time |
Netapp
Netapp active Iq Unified Manager |
|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
29 Sep 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-03-16 01:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-28486
Mitre link : CVE-2023-28486
CVE.ORG link : CVE-2023-28486
JSON object : View
Products Affected
netapp
- active_iq_unified_manager
sudo_project
- sudo
CWE
CWE-116
Improper Encoding or Escaping of Output