CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 15, 2021
Published Date
January 26, 2021
Last Updated
February 03, 2025
Vendor
n/a
Product
n/a
Description
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-04-06 00:00:00 UTC)
Proof of Concept Available
Yes (added 2021-09-27 06:09:06 UTC)

References

https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html
http://seclists.org/fulldisclosure/2021/Jan/79
http://www.openwall.com/lists/oss-security/2021/01/26/3
https://security.gentoo.org/glsa/202101-33
https://www.debian.org/security/2021/dsa-4839
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/
http://www.openwall.com/lists/oss-security/2021/01/27/1
http://www.openwall.com/lists/oss-security/2021/01/27/2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM
https://www.kb.cert.org/vuls/id/794544
http://seclists.org/fulldisclosure/2021/Feb/42
http://www.openwall.com/lists/oss-security/2021/02/15/1
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.sudo.ws/stable.html#1.9.5p2
https://www.openwall.com/lists/oss-security/2021/01/26/3
http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
https://security.netapp.com/advisory/ntap-20210128-0002/
https://security.netapp.com/advisory/ntap-20210128-0001/
http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html
http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html
https://support.apple.com/kb/HT212177
https://kc.mcafee.com/corporate/index?page=content&id=SB10348
https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability
https://www.synology.com/security/advisory/Synology_SA_21_02
http://www.openwall.com/lists/oss-security/2021/09/14/2
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
http://www.openwall.com/lists/oss-security/2024/01/30/8
http://www.openwall.com/lists/oss-security/2024/01/30/6
http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2024/Feb/3
https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156

Known Exploited Vulnerability Information

Source
CISA
Added Date
2022-04-06 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

sudo_baron_samedit

Type: metasploit • Created: Unknown

Metasploit module for CVE-2021-3156

PurpleOzone/PE_CVE-CVE-2021-3156

Type: github • Created: 2023-05-13 01:02:32 UTC • Stars: 4

Exploit for Ubuntu 20.04 using CVE-2021-3156 enhanced with post-exploitation scripts

PhuketIsland/CVE-2021-3156-centos7

Type: github • Created: 2022-11-03 13:10:23 UTC • Stars: 26

Privilege escalation using sudo, for CentOS 7 only

Mhackiori/CVE-2021-3156

Type: github • Created: 2022-07-04 13:55:24 UTC • Stars: 5

Visualization, Fuzzing, Exploit and Patch of Baron Samedit Vulnerability

chenaotian/CVE-2021-3156

Type: github • Created: 2022-01-27 02:31:43 UTC • Stars: 8

CVE-2021-3156 POC and Docker and Analysis write up

musergi/CVE-2021-3156

Type: github • Created: 2021-10-13 17:43:51 UTC • Stars: 2

d3c3ptic0n/CVE-2021-3156

Type: github • Created: 2021-09-27 06:09:06 UTC • Stars: 0

Sudo heap-based buffer overflow privilege escalation commands and mitigations.

CyberCommands/CVE-2021-3156

Type: github • Created: 2021-08-07 08:38:50 UTC • Stars: 0

lmol/CVE-2021-3156

Type: github • Created: 2021-03-19 14:06:09 UTC • Stars: 4

Exploit generator for sudo CVE-2021-3156

worawit/CVE-2021-3156

Type: github • Created: 2021-03-15 17:37:02 UTC • Stars: 746

Sudo Baron Samedit Exploit

oneoy/CVE-2021-3156

Type: github • Created: 2021-02-23 03:14:36 UTC • Stars: 0

Rvn0xsy/CVE-2021-3156-plus

Type: github • Created: 2021-02-09 19:25:18 UTC • Stars: 201

CVE-2021-3156 non-interactive command execution

jm33-m0/CVE-2021-3156

Type: github • Created: 2021-02-09 07:55:47 UTC • Stars: 16

sudo heap overflow to LPE, in Go

0xdevil/CVE-2021-3156

Type: github • Created: 2021-02-08 18:21:58 UTC • Stars: 51

CVE-2021-3156: Sudo heap overflow exploit for Debian 10

1N53C/CVE-2021-3156-PoC

Type: github • Created: 2021-02-06 21:16:11 UTC • Stars: 5

CptGibbon/CVE-2021-3156

Type: github • Created: 2021-02-03 19:57:56 UTC • Stars: 151

Root shell PoC for CVE-2021-3156

dinhbaouit/CVE-2021-3156

Type: github • Created: 2021-02-03 09:48:46 UTC • Stars: 5

CVE-2021-3156 Vagrant Lab

apogiatzis/docker-CVE-2021-3156

Type: github • Created: 2021-01-31 22:58:13 UTC • Stars: 7

A docker environment to research CVE-2021-3156

kal1gh0st/CVE-2021-3156

Type: github • Created: 2021-01-31 16:10:11 UTC • Stars: 3

Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Q4n/CVE-2021-3156

Type: github • Created: 2021-01-31 07:01:50 UTC • Stars: 2

Reproducing other people's CVEs series

teamtopkarl/CVE-2021-3156

Type: github • Created: 2021-01-31 03:38:37 UTC • Stars: 8

blasty/CVE-2021-3156

Type: github • Created: 2021-01-30 20:39:58 UTC • Stars: 975

stong/CVE-2021-3156

Type: github • Created: 2021-01-30 03:22:04 UTC • Stars: 435

PoC for CVE-2021-3156 (sudo heap overflow)

mbcrump/CVE-2021-3156

Type: github • Created: 2021-01-29 19:24:41 UTC • Stars: 38

Notes regarding CVE-2021-3156: Heap-Based Buffer Overflow in Sudo

baka9moe/CVE-2021-3156-Exp

Type: github • Created: 2021-01-28 08:55:04 UTC • Stars: 4

kernelzeroday/CVE-2021-3156-Baron-Samedit

Type: github • Created: 2021-01-28 02:13:49 UTC • Stars: 18

1day research effort

elbee-cyber/CVE-2021-3156-PATCHER

Type: github • Created: 2021-01-27 21:49:06 UTC • Stars: 3

This simple bash script will patch the recently discovered sudo heap overflow vulnerability.

unauth401/CVE-2021-3156

Type: github • Created: 2021-01-27 16:35:43 UTC • Stars: 1

reverse-ex/CVE-2021-3156

Type: github • Created: 2021-01-27 16:03:34 UTC • Stars: 111

CVE-2021-3156

mr-r3b00t/CVE-2021-3156

Type: github • Created: 2021-01-26 19:53:04 UTC • Stars: 35