What is CVE-2019-18634?

CVE-2019-18634 is a vulnerability in N/a. Published 2020-01-29.

Is CVE-2019-18634 known to be exploited?

96 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the defau…

EPSS: 0.880 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

support.apple.com/kb/HT210919 (x_refsource_CONFIRM)
20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (mailing-list, x_refsource_BUGTRAQ)
www.sudo.ws/security.html (x_refsource_MISC)
www.sudo.ws/alerts/pwfeedback.html (x_refsource_CONFIRM)
[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled (mailing-list, x_refsource_MLIST)
[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled (mailing-list, x_refsource_MLIST)
20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (mailing-list, x_refsource_FULLDISC)
DSA-4614 (vendor-advisory, x_refsource_DEBIAN)
[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update (mailing-list, x_refsource_MLIST)
20200203 [slackware-security] sudo (SSA:2020-031-01) (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2019-18634?: CVE-2019-18634 is a vulnerability in N/a. Published 2020-01-29.
Is CVE-2019-18634 known to be exploited?: 96 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.