{"id":"MGASA-2022-0426","summary":"Updated sudo packages fix security vulnerability","details":"Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a\nplugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in\na heap-based buffer over-read. This can be triggered by arbitrary local\nusers with access to Sudo by entering a password of seven characters or\nfewer. The impact could vary depending on the system libraries, compiler,\nand processor architecture. (CVE-2022-43995)\n","modified":"2026-02-04T02:14:03.403121Z","published":"2022-11-17T15:45:52Z","related":["CVE-2022-43995"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0426.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31089"},{"type":"REPORT","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-November/012820.html"},{"type":"REPORT","url":"https://www.sudo.ws/releases/stable/#1.9.12p1"}],"affected":[{"package":{"name":"sudo","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/sudo?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.5p2-2.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0426.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}