{"id":"CVE-2019-15901","details":"An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids.","modified":"2026-04-11T12:42:13.971614Z","published":"2019-10-18T16:15:10.320Z","references":[{"type":"FIX","url":"https://github.com/slicer69/doas/commit/6cf0236184ff6304bf5e267ccf7ef02874069697"},{"type":"FIX","url":"https://github.com/slicer69/doas/compare/6.1p1...6.2"},{"type":"EVIDENCE","url":"https://github.com/slicer69/doas/pull/23"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/slicer69/doas","events":[{"introduced":"0"},{"fixed":"1c2858c681935a040cd2313e599b05a5dd40be95"},{"fixed":"6cf0236184ff6304bf5e267ccf7ef02874069697"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.2"}]}}],"versions":["6.0-1","6.0p0","6.0p1","6.0p2","6.0p3","6.0p4","6.1","6.1p1","v5.9","v5.9-1","v5.9-2","v5.9-3","v5.9-4","v5.9-5","v5.9-6","v5.9-7","v6.0-0","v6.0p0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15901.json","vanir_signatures":[{"source":"https://github.com/slicer69/doas/commit/6cf0236184ff6304bf5e267ccf7ef02874069697","id":"CVE-2019-15901-37cc6403","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["257018084219185830283189870846042186451","263298338661025237681855152090152291472","244465731727258627921882727482949357179","240392789334711037839660733709662652480","318302556276251466072957026995482253703","334770976537425838896833539275400219885","144114532411389305376620096985217832909","73301086098618445718506707714661862641","238491780293075423002916085271141572710","283407144815843603917628835820737147263","294481694951028940687679809539951880275","254365220151682927526214587906755972702","141506775240760496158604477182184919853"]},"signature_type":"Line","target":{"file":"doas.c"}},{"source":"https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95","id":"CVE-2019-15901-68bce56d","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["77395771208282268693997227990409505562","211361197346725683365328174351071453735","112781367654528564918063634607454395652","95301899913539240870913893487146184124"]},"signature_type":"Line","target":{"file":"execvpe.c"}},{"source":"https://github.com/slicer69/doas/commit/1c2858c681935a040cd2313e599b05a5dd40be95","id":"CVE-2019-15901-b22417ee","signature_version":"v1","deprecated":false,"digest":{"length":1884,"function_hash":"260128427067475575999234089115858697183"},"signature_type":"Function","target":{"file":"execvpe.c","function":"execvpe"}},{"source":"https://github.com/slicer69/doas/commit/6cf0236184ff6304bf5e267ccf7ef02874069697","id":"CVE-2019-15901-cede907b","signature_version":"v1","deprecated":false,"digest":{"length":5351,"function_hash":"229816150909773915025832948416141121373"},"signature_type":"Function","target":{"file":"doas.c","function":"main"}}],"vanir_signatures_modified":"2026-04-11T12:42:13Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}