[arch-general] CVE-2021-3156 (Heap-Based Buffer Overflow in Sudo)

Łukasz Michalski lm at zork.pl
Fri Jan 29 17:20:20 UTC 2021


Just checked my servers and all were vulnerable:

[zork at archdevel ~]$ sudoedit -s '\' `perl -e 'print "A" x 65536'`
malloc(): corrupted top size
Aborted (core dumped)

Updating to the latest version (sudo-1.9.5.p2-1) closed this
vulnerability. Maybe this should be posted as an Arch news message?
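
A check that does not corrupt the heap, as an added example that is not part of the original post: Qualys's published guidance for this CVE says that `sudoedit -s /` run as a non-root user replies with an error starting `sudoedit:` on a vulnerable build and `usage:` on a patched one. The function names, host names and sample replies below are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage replies to the non-crashing probe `sudoedit -s /`.
# Collect one reply per host as a non-root user with:
#   LC_ALL=C sudoedit -s / 2>&1 | head -n 1

TAB=$(printf '\t')

# $1 = first line of the probe's combined stdout/stderr
classify_reply() {
    case "$1" in
        usage:*)    echo patched ;;       # rejected during argument parsing
        sudoedit:*) echo vulnerable ;;    # "-s" accepted in sudoedit mode
        *)          echo inconclusive ;;  # password prompt, missing binary, ...
    esac
}

# Reads "host<TAB>reply" lines on stdin, prints "host<TAB>verdict" and
# returns non-zero unless every host is confirmed patched.
triage_hosts() {
    rc=0
    while IFS="$TAB" read -r host reply; do
        [ -n "$host" ] || continue
        verdict=$(classify_reply "$reply")
        printf '%s\t%s\n' "$host" "$verdict"
        [ "$verdict" = patched ] || rc=1
    done
    return "$rc"
}

# Constructed sample input: hypothetical hosts, abbreviated replies.
sample_replies() {
    printf 'web1\tsudoedit: /: not a regular file\n'
    printf 'db1\tusage: sudoedit (remaining usage text omitted)\n'
    printf 'build1\tsh: sudoedit: command not found\n'
}

sample_replies | triage_hosts || echo "at least one host is not confirmed patched"
```

An inconclusive verdict means the reply matched neither prefix, so that host still needs its installed sudo package version checked by hand.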


