[sudo-commits] sudo changeset 14271:a6229aa26fbf

Todd C. Miller Todd.Miller at sudo.ws
Mon Oct 31 09:13:32 MDT 2022


changeset:	14271:a6229aa26fbf in /raid/repos/sudo
details:	https://www.sudo.ws/repos/sudo/rev/a6229aa26fbf
user:		Todd C. Miller <Todd.Miller at sudo.ws>
date:		Fri Oct 28 07:29:55 2022 -0600

Log Message:
	Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters.
	Starting with sudo 1.8.0 the plaintext password buffer is dynamically
	sized so it is not safe to assume that it is at least 9 bytes in size.
	Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.

diffstat:

 plugins/sudoers/auth/passwd.c |  11 +++++------
 1 files changed, 5 insertions(+), 6 deletions(-)


