Aggregates CVE and security vulnerability intelligence across all sudo_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow, vendor risk memory corruption, and vendor risk input validation, with potential vendor impact memory corruption across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | [email protected] | 6.4 | 19.92% | 2017-06-05 | 2026-05-13 |
| CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | [email protected] | 3.3 | 0.37% | 2017-04-24 | 2026-05-13 |
| CVE-2015-5602 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | [email protected] | 7.2 | 5.51% | 2015-11-17 | 2026-05-06 |
| CVE-2002-0184 | Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. | [email protected] | 7.8 | 0.18% | 2002-05-16 | 2026-04-16 |