sudo Heap Buffer Overflow Vulnerability

漏洞信息

漏洞名称: sudo Heap Buffer Overflow Vulnerability

漏洞编号:

  • CVE: CVE-2021-3156

漏洞类型: 缓冲区溢出

漏洞等级: 高危

漏洞描述: 受影响的产品是sudo,一个在Unix和Linux操作系统中广泛使用的程序,允许用户以其他用户(通常是超级用户)的权限运行程序。它通常部署在企业级服务器和个人计算机上,是系统管理的关键组件。该漏洞的类型是堆缓冲区溢出,技术根源在于sudo在处理命令行参数时未能正确验证输入长度,导致攻击者可以覆盖堆内存中的关键数据。这种漏洞的影响分析表明,攻击者可以利用此漏洞以低权限本地用户的身份执行任意代码,进而获得root权限,导致系统完全被控制。此漏洞不需要用户交互即可被利用,且可以自动化攻击,因此构成了严重的安全风险。

产品名称: sudo

影响版本: v1.8.2+

来源: https://github.com/zharkaron/cve-2025-zharkaron

类型: CVE-2025:github search

仓库文件

  • CVE-2021-3156
  • Readme.md

来源概述

🛡️ CVE LAB by Zharkaron

A curated and hands-on CVE exploitation and defense lab. This repository contains real and simulated vulnerabilities reproduced in Docker environments for learning and research purposes.

Each CVE entry includes:

  • 🔓 A vulnerable Docker container for exploitation
  • 🔐 A hardened Docker container for defense
  • 🚀 Exploits and proof-of-concepts
  • 📚 Writeups and mitigation strategies

📂 CVE Index

CVE ID Vulnerability Type Service / App Status
CVE-2021-3156 Heap Buffer Overflow (PE) sudo v1.8.2+ ✅ Complete

✅ = Fully documented
🛠️ = Lab + Exploit present, README in progress
⏳ = Coming soon

📦 CVES Template of how things are going to look like

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
## CVE-YYYY-XXXX – [Name of Vulnerability]

### 🧠 Summary
A brief description of the vulnerability.

- **CVE ID**: CVE-YYYY-XXXX  
- **Discovered by**: [Name or team]  
- **Vulnerability Type**: [e.g. Buffer Overflow, RCE, LPE, XSS, SQLi]  
- **Affected Software**: [Application name and version]  
- **CVSS Score**: [X.X] (e.g. 7.8 - High)  
- **Attack Vector**: [e.g. Local, Remote, Network, Adjacent]  
- **Privileges Required**: [None, Low, High]  
- **User Interaction**: [None, Required]

---

### 📋 Affected Versions

List known vulnerable versions and environments.

- Ubuntu 20.04 (sudo 1.8.31p2)
- Debian 10 (sudo 1.8.27)
- Fedora 33 (sudo 1.9.2)

---

### ⚠️ Impact

Explain what an attacker can do with the vulnerability.

> This vulnerability allows a low-privileged local user to execute arbitrary code as **root**, leading to full system compromise.

---

### 🔍 Technical Details

Explain the root cause and why it’s exploitable.

Github Poc
#CVE-2025:github search #缓冲区溢出
sudo Heap Buffer Overflow Vulnerability
http://example.com/2025/07/30/github_3486811502/
作者
lianccc
发布于
2025年7月30日
许可协议