CVE-2021-3156: Sudo Heap-Based Buffer Overflow Vulnerability

Published Jan 19, 2021

A heap-based buffer overflow was found in the way sudo parses command line arguments.

According to the researcher, this vulnerability:

- is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password);

- was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

This could lead to privilege escalation.

Other sources

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

CISA

Sudo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing command line arguments. By sending a "sudoedit -s" and a command-line argument that ends with a single backslash character, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges.

This vulnerability is also known as Baron Samedit.

IBM

Sudo. This issue was addressed by updating to sudo version 1.9.5p2.
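The affected ranges above are easy to misread by hand (the `pN` patch level sorts after the bare version, and distributions backport the fix without changing the upstream number). The check below is an added example, not code from this page or from the sudo project: it parses the banner printed by `sudo --version`, compares the upstream version against the ranges the advisory names, and flags that a match still has to be compared with the distribution's own fixed package (the Debian fixes listed on this page keep the 1.8.27 upstream number).

```python
import re
import subprocess

# Upstream ranges named in the advisory: legacy 1.8.2..1.8.31p2 and stable
# 1.9.0..1.9.5p1 (fixed in 1.9.5p2). Tuples are (major, minor, patch, p-level)
# so they compare correctly as plain Python tuples.
AFFECTED_RANGES = [
    ((1, 8, 2, 0), (1, 8, 31, 2)),
    ((1, 9, 0, 0), (1, 9, 5, 1)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")

def parse_sudo_version(text):
    """Turn '1.8.31p2' or a 'Sudo version 1.9.5p2' banner line into a tuple.
    'pN' is sudo's patch level (absent means 0). Distro suffixes such as
    '-1+deb10u3' are deliberately ignored by the regex."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised sudo version string: {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))

def is_upstream_affected(version):
    """True if the upstream version number lies in an affected range.
    Caveat: distributions backport fixes without changing the upstream
    number (the page lists Debian 1.8.27-1+deb10u3 as fixed), so True means
    'compare against your distro's fixed package', not 'confirmed vulnerable'."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)

def check_sudo_banner(banner):
    """Evaluate the first line of `sudo --version` output."""
    first = banner.strip().splitlines()[0] if banner.strip() else ""
    version = parse_sudo_version(first)
    return {"version": version, "upstream_affected": is_upstream_affected(version)}

def main():
    # `sudo --version` prints the banner without needing any privilege.
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = ""
    print(check_sudo_banner(out) if out else "sudo not found on this host")

if __name__ == "__main__":
    main()
```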

Credit

Qualys

Affected Software

66 affected components (fixes available)

- debian/sudo: fixed in 1.8.27-1+deb10u3, 1.8.27-1+deb10u5, 1.9.5p2-3+deb11u1, 1.9.13p3-1+deb12u1, 1.9.14p2-1
- redhat/sudo <1.9.5: fixed in 1.9.5
- IBM Security Guardium <=10.5, <=10.6, <=11.0, <=11.1, <=11.2, <=11.3
- Apple macOS Big Sur <11.2.1: fixed in 11.2.1
- Apple macOS Catalina Supplemental Update <10.15.7: fixed in 10.15.7
- Apple macOS Mojave <10.14.6: fixed in 10.14.6
- Sudo
- Sudo Project Sudo >=1.8.2 <1.8.32
- Sudo Project Sudo >=1.9.0 <1.9.5
- Sudo Project Sudo =1.9.5
- Sudo Project Sudo =1.9.5-patch1
- Fedoraproject Fedora =32, =33
- Debian Debian Linux =9.0, =10.0
- NetApp Hci Management Node
- NetApp OnCommand Unified Manager Core Package
- NetApp Solidfire
- McAfee Web Gateway =8.2.17, =9.2.8, =10.0.4
- Synology Diskstation Manager =6.2
- Synology Diskstation Manager Unified Controller =3.0
- Synology Skynas Firmware together with Synology Skynas
- Synology Vs960hd Firmware together with Synology Vs960hd
- BeyondTrust Privilege Management for Mac <21.1.1
- BeyondTrust Privilege Management for Unix/Linux <10.3.2-10
- Oracle Micros Compact Workstation 3 Firmware =310 together with Oracle Micros Compact Workstation 3
- Oracle Micros Es400 Firmware >=400 <=410 together with Oracle Micros Es400
- Oracle Micros Kitchen Display System Firmware =210 together with Oracle Micros Kitchen Display System
- Oracle Micros Workstation 5a Firmware =5a together with Oracle Micros Workstation 5a
- Oracle Micros Workstation 6 Firmware >=610 <=655 together with Oracle Micros Workstation 6
- Oracle Communications Performance Intelligence Center >=10.3.0.0.0 <=10.3.0.2.1
- Oracle Communications Performance Intelligence Center >=10.4.0.1.0 <=10.4.0.3.1
- Oracle Tekelec Platform Distribution >=7.4.0 <=7.7.1
- NetApp Active Iq Unified Manager Vmware Vsphere
- NetApp Cloud Backup
- NetApp ONTAP Select Deploy administration utility
- NetApp Ontap Tools Vmware Vsphere =9

Event History

- Jan 26, 2021: CVE Published via MITRE, 12:00 AM
- Jan 26, 2021: Data Sourced via MITRE, 12:00 AM (Description)
- Jan 26, 2021: Data Sourced via NVD, 09:15 PM (Remedy, Description, Severity, Weakness, Affected Software)
- Apr 6, 2022: Known Exploited via CISA, 12:00 AM
- May 8, 2025: News Published via The Register, 06:38 AM
- May 8, 2025: News Published via The Register, 06:42 AM


Frequently Asked Questions

1. What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-3156.

2. What is the title of this vulnerability?

The title of this vulnerability is Sudo Heap-Based Buffer Overflow Vulnerability.

3. What is the description of this vulnerability?

The description of this vulnerability is that Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

4. Which software is affected by this vulnerability?

The affected software includes Sudo, macOS Big Sur (up to version 11.2.1), macOS Catalina Supplemental Update (up to version 10.15.7), and macOS Mojave (up to version 10.14.6).

5. Where can I find more information about this vulnerability?

More information about this vulnerability can be found at the following reference: [https://support.apple.com/en-us/HT212177](https://support.apple.com/en-us/HT212177).
