CVE-2023-28486

Reference Links

• https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
• https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
• https://security.gentoo.org/glsa/202309-12
• https://security.netapp.com/advisory/ntap-20230420-0002/
• https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2179274
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2179275
• https://access.redhat.com/errata/RHSA-2024:0811
• https://bugzilla.redhat.com/show_bug.cgi?id=2179272
• https://exchange.xforce.ibmcloud.com/vulnerabilities/250349
• https://www.ibm.com/support/pages/node/7144861 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• IBM-7144861

Frequently Asked Questions

• What is the vulnerability ID of this vulnerability?

  The vulnerability ID of this vulnerability is CVE-2023-28486.

• What is the title of this vulnerability?

  The title of this vulnerability is "Sudo before 1.9.13 does not escape control characters in log messages."

• How does the vulnerability affect the software?

  The vulnerability affects Sudo before version 1.9.13.

• What is the severity of CVE-2023-28486?

  The severity of CVE-2023-28486 is medium with a CVSS score of 5.3.

• How can I fix the CVE-2023-28486 vulnerability?

  To fix the CVE-2023-28486 vulnerability, you should update Sudo to version 1.9.13 or later.