{"id":"CVE-2022-43995","details":"Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.","modified":"2026-03-15T14:48:10.854813Z","published":"2022-11-02T14:15:16.187Z","related":["MGASA-2022-0426","SUSE-SU-2022:3886-1","SUSE-SU-2022:3938-1","SUSE-SU-2022:4001-1","SUSE-SU-2022:4077-1","SUSE-SU-2022:4240-1","SUSE-SU-2022:4280-1","openSUSE-SU-2024:12483-1"],"references":[{"type":"ADVISORY","url":"https://news.ycombinator.com/item?id=33465707"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202211-08"},{"type":"ADVISORY","url":"https://www.sudo.ws/security/advisories/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2139911"},{"type":"FIX","url":"https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/millert/sudo","events":[{"introduced":"4333b06914558093a327ee445699c479a57933a4"},{"fixed":"c684bf08307b3270a62f2130bafb37c36aa3c99e"},{"introduced":"0"},{"last_affected":"c684bf08307b3270a62f2130bafb37c36aa3c99e"}],"database_specific":{"versions":[{"introduced":"1.8.0"},{"fixed":"1.9.12"},{"introduced":"0"},{"last_affected":"1.9.12-NA"}]}},{"type":"GIT","repo":"https://github.com/sudo-project/sudo","events":[{"introduced":"0"},{"fixed":"bd209b9f16fcd1270c13db27ae3329c677d48050"}]}],"versions":["SUDO_1_3_0","SUDO_1_3_1","SUDO_1_4_0","SUDO_1_5_0","SUDO_1_5_1","SUDO_1_5_2","SUDO_1_5_3","SUDO_1_5_4","SUDO_1_5_6","SUDO_1_5_7","SUDO_1_5_8","SUDO_1_5_9","SUDO_1_6_0","SUDO_1_6_1","SUDO_1_6_2","SUDO_1_6_3","SUDO_1_6_4","SUDO_1_6_5","SUDO_1_6_6","SUDO_1_6_7","SUDO_1_6_8","SUDO_1_6_8p1","SUDO_1_7_0","SUDO_1_7_1","SUDO_1_7_2","SUDO_1_8_0","SUDO_1_9_0","v1.3.0","v1.3.1","v1.4.0","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.8p1","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43995.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["337633252920991241112857162465452390298","262853266045190752843127941413843408656","61690952090159972777364936005601145194","128035712224375988314427638006103912115","94127008450240786502871837663103258118","98733321982592306874869601466115003794","8004731231940764953004213991397676849","221443112049861906691759667364935375915","113536667263124047403014320319250631257","267568419315262234764733117499065506321","181495643499762969102095757999593662642","224122946542034265895270638157337010187","26387421224791964521672678200805934154"]},"source":"https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050","signature_version":"v1","deprecated":false,"signature_type":"Line","id":"CVE-2022-43995-583b6dec","target":{"file":"plugins/sudoers/auth/passwd.c"}},{"digest":{"function_hash":"98815895881217986653558569722860438731","length":679},"source":"https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050","signature_version":"v1","deprecated":false,"signature_type":"Function","id":"CVE-2022-43995-773384c8","target":{"file":"plugins/sudoers/auth/passwd.c","function":"sudo_passwd_verify"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}