Home > Vulnerability Database > CVE-2023-42465

Mend.io Vulnerability Database

CVE-2023-42465

Good to know:

Date: December 21, 2023

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Language: C

Severity Score

7.0

Related Resources (12)

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/

Url: https://security-tracker.debian.org/tracker/CVE-2023-42465

Url: https://security.gentoo.org/glsa/202401-29

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42465

Url: https://www.sudo.ws/releases/changelog/

Url: https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15

Url: https://arxiv.org/abs/2309.02545

Url: https://security.netapp.com/advisory/ntap-20240208-0002/

Url: https://www.openwall.com/lists/oss-security/2023/12/21/9

Url: https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f

Url: https://www.mend.io/vulnerability-database/CVE-2023-42465

Severity Score

7.0

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version SUDO_1_9_15

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-42465

Good to know:

Date: December 21, 2023

Language: C

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?