[sudo-commits] sudo changeset 14271:a6229aa26fbf
Todd C. Miller
Todd.Miller at sudo.ws
Mon Oct 31 09:13:32 MDT 2022
changeset: 14271:a6229aa26fbf in /raid/repos/sudo
user: Todd C. Miller <Todd.Miller at sudo.ws>
date: Fri Oct 28 07:29:55 2022 -0600
Fix CVE-2022-43995, potential heap overflow for passwords < 8 characters.
Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to assume that it is at least 9 bytes in size.
Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
plugins/sudoers/auth/passwd.c | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
More information about the sudo-commits