{"id":"CVE-2023-42465","details":"Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.","modified":"2026-03-20T12:30:33.122994Z","published":"2023-12-22T16:15:08.057Z","related":["ALSA-2024:0811","SUSE-SU-2024:0794-1","SUSE-SU-2024:0794-2","SUSE-SU-2024:0795-1","SUSE-SU-2024:0795-2","SUSE-SU-2024:0796-1","SUSE-SU-2024:0796-2","SUSE-SU-2024:0797-1","SUSE-SU-2024:0797-2","SUSE-SU-2024:0834-1","SUSE-SU-2024:0876-1","SUSE-SU-2024:0876-2","SUSE-SU-2024:0877-1","SUSE-SU-2024:0889-1","SUSE-SU-2024:0890-1","openSUSE-SU-2024:13490-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/09/23/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/09/24/6"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"},{"type":"ADVISORY","url":"https://arxiv.org/abs/2309.02545"},{"type":"ADVISORY","url":"https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240208-0002/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202401-29"},{"type":"ADVISORY","url":"https://www.sudo.ws/releases/changelog/"},{"type":"FIX","url":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2023/12/21/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sudo-project/sudo","events":[{"introduced":"0"},{"fixed":"f7ae17d3d3281514b673ebb33aa72b990049c378"},{"fixed":"7873f8334c8d31031f8cfa83bd97ac6029309e4f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.9.15"}]}}],"versions":["SUDO_1_3_0","SUDO_1_3_1","SUDO_1_4_0","SUDO_1_5_0","SUDO_1_5_1","SUDO_1_5_2","SUDO_1_5_3","SUDO_1_5_4","SUDO_1_5_6","SUDO_1_5_7","SUDO_1_5_8","SUDO_1_5_9","SUDO_1_6_0","SUDO_1_6_1","SUDO_1_6_2","SUDO_1_6_3","SUDO_1_6_4","SUDO_1_6_5","SUDO_1_6_6","SUDO_1_6_7","SUDO_1_6_8","SUDO_1_6_8p1","SUDO_1_7_0","SUDO_1_7_1","SUDO_1_7_2","SUDO_1_8_0","SUDO_1_9_0","SUDO_1_9_1","SUDO_1_9_10","SUDO_1_9_11","SUDO_1_9_11p1","SUDO_1_9_11p2","SUDO_1_9_11p3","SUDO_1_9_12","SUDO_1_9_12p1","SUDO_1_9_12p2","SUDO_1_9_13","SUDO_1_9_13p1","SUDO_1_9_13p2","SUDO_1_9_13p3","SUDO_1_9_14","SUDO_1_9_14p1","SUDO_1_9_14p2","SUDO_1_9_14p3","SUDO_1_9_2","SUDO_1_9_3","SUDO_1_9_3p1","SUDO_1_9_4","SUDO_1_9_4p1","SUDO_1_9_4p2","SUDO_1_9_5","SUDO_1_9_5p1","SUDO_1_9_5p2","SUDO_1_9_6","SUDO_1_9_6p1","SUDO_1_9_7","SUDO_1_9_7p1","SUDO_1_9_7p2","SUDO_1_9_8","SUDO_1_9_8p1","SUDO_1_9_8p2","SUDO_1_9_9","TAG","v1.3.0","v1.3.1","v1.4.0","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.5.6","v1.5.7","v1.5.8","v1.5.9","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.8p1","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.9.0","v1.9.1","v1.9.10","v1.9.11","v1.9.11p1","v1.9.11p2","v1.9.11p3","v1.9.12","v1.9.12p1","v1.9.12p2","v1.9.13","v1.9.13p1","v1.9.13p2","v1.9.13p3","v1.9.14","v1.9.14p1","v1.9.14p2","v1.9.14p3","v1.9.2","v1.9.3","v1.9.3p1","v1.9.4","v1.9.4p1","v1.9.4p2","v1.9.5","v1.9.5p1","v1.9.5p2","v1.9.6","v1.9.6p1","v1.9.7","v1.9.7p1","v1.9.7p2","v1.9.8","v1.9.8p1","v1.9.8p2","v1.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-42465.json","vanir_signatures":[{"digest":{"length":2289,"function_hash":"290321149011227692040355645921663784592"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-104997a0","signature_version":"v1","target":{"function":"sudoers_lookup_check","file":"plugins/sudoers/lookup.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":397,"function_hash":"26757867300866204634704443698805068849"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-28bec54f","signature_version":"v1","target":{"function":"hostlist_matches_int","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":745,"function_hash":"217213310084554344716172361626139892773"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-2efc4efb","signature_version":"v1","target":{"function":"cmnd_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":782,"function_hash":"88772728067151753610291665974013865539"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-348696b1","signature_version":"v1","target":{"function":"cmnd_matches_all","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":320,"function_hash":"241502820632583577837299526761197034377"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-3d122399","signature_version":"v1","target":{"function":"userlist_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":308,"function_hash":"293472089604786536109277252369750454962"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-433d5536","signature_version":"v1","target":{"function":"sudo_auth_end_session","file":"plugins/sudoers/auth/sudo_auth.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":750,"function_hash":"304708570362103603354996270663528289955"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-4930a438","signature_version":"v1","target":{"function":"sudo_passwd_verify","file":"plugins/sudoers/auth/passwd.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":2675,"function_hash":"244249659492604833846857670539870334540"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-57f87572","signature_version":"v1","target":{"function":"verify_user","file":"plugins/sudoers/auth/sudo_auth.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":362,"function_hash":"30212376816980021251432617550109566407"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-6ddf1869","signature_version":"v1","target":{"function":"sudo_auth_cleanup","file":"plugins/sudoers/auth/sudo_auth.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["294148343802029675348194435992224200181","326852076664580033056015928720411402694","18722027460846074345004700723113989575","310104772663025378577440186040888336764","276268458511698204523208975521340385262","280236753853660482029154853808444313906","267016207709085967032168633274049452980","89683856549339716278586300145569379052","177194539752441268026175902890084552271","5297587811130775662151960604161675490","206699304386956640325819763432297626594"],"threshold":0.9},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-77a8c266","signature_version":"v1","target":{"file":"plugins/sudoers/parse.h"},"deprecated":false,"signature_type":"Line"},{"digest":{"length":3287,"function_hash":"254740916573118839725486634180002186789"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-93052272","signature_version":"v1","target":{"function":"sudoers_lookup_pseudo","file":"plugins/sudoers/lookup.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":283,"function_hash":"55539409675946849729958274477332915587"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-943f239f","signature_version":"v1","target":{"function":"sudo_passwd_verify","file":"plugins/sudoers/auth/passwd.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":1205,"function_hash":"255466185087132067297120578402077955460"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-946e2678","signature_version":"v1","target":{"function":"user_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["330605735284617253181133278657907515874","299575366069587887334540516300341268009","279332299859655183847369308466205788757","14139927279119818804192299100948776793","204146268438516134552534639583725722050","47144344891655567029579079743508029438","172679168269828837016701782991795066020","82187827646568491659668540644598004382","290690545048279815820543414992520925719","186205355193261207557982123872127251133","111565838944648700025289410989085269695","260080984097963205664631917633924950506","80999582082469376879168754718865147129","9739251356189222954642592996054401204","132022174762416152702763444460435866943","32337872480486436475739767959195447254","186338303772645996088579647928788190753","81441667845725662448114502021656925381","163155403640322326060327041077892855046","225203588156629916492903284257843760440","189887976516451029945063939844753851158","66313393565237895238399336902122607097","2648302239703812899303797546015413927","156613610555761121265746049186160114244","171888140486203031539746762280750966170","307581308322098484325485284485000576103","75407180318704451699303769443305508093","322455728798813972493599576909694826789","140319240511772837921529008966298264512","85920008497321354745927850522528951527","124889572424983059405538654248392379326","141088291288669411511030410709155975545","249194892094308008663284592756761087960","56477495812191879777041179990246826197","28476651909610655804907562590839138548","139064838634518736718799508357982760200","154672389080501086410383197148165672275","318136753231853951518941502218743019173","14139927279119818804192299100948776793","209806911694552760549310841631588571471","278664766618093283433168066686485656618","294897150841844798524890056770811328042","28476651909610655804907562590839138548","286304738404318398352419533219055807443","233260520842128766255884496798562496756","340261012326005280624990489312599714551","14139927279119818804192299100948776793","65995188813428931209769881005313677058","239811270239203291428543245553709340641","24243280424250746721062937868630574473","46653195740178661143280012703489560871"],"threshold":0.9},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-b0899be1","signature_version":"v1","target":{"file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Line"},{"digest":{"line_hashes":["57313799132693429343136819627219355137","280021789421670743355131877224940223273","208805391791511699124257248700919380360","337849798627077274730413891081288518622","318660144872852639336691229439541041558","154447159397292569831495119856676144971","6944583903116125449161031510043932328","59397356013903116917823195052300541976","243877251282033379192516553638342023578","125383521284409600820580074774280017882","332391016173315740363638156128909268742","29502088179562107451629195267479124605","242689846469911730593386102332289997566","27928413734333632325471529596204965854","270227235467126750678339166437717267218","214566152223664071027570935881519628675","5836915677951798316309320676065675028","176281049448085481191207993877835579622","27047008263142497414199807466060082625","222851061939152243749549291724694388726","79715047044701461780467554990930872160","307282179091103948884697019508942225011","45408899947076629998590522512125660623","141362518638999786022262767391551586400","229872882747500587662148249763811177002","127118476651110044612427232951207735384","72383026186500795887753574585734454808","156171893989883365431636339464124106941","70285288934017029043825305499487391662","68660378361618021949407264506259551682","133425474983652180157571473238184942664","79590148949666760685004198757410214134","88913831321616613907226423498411259612","9188809435995244142769752267102709949","4969317084930939166651629885500913059","219484395248412520153804151300344700770","151128353060149271610964400025603980817","64704589644001670061874152238405590523","47988699954726384790788967344409367202","35752902620036370118937678423932089745","278740274981922284322461509639068558954","212123405300538563327335927769869482862","271089242281180373933887599476821621699","216844950900548872168891866022332621067","65643275323146147844878534702749889445","169375980962663689013898403454735370808","99247640254873543629093624818290452128","180325705913889170014218750717432522174","197271572502659809304845721153293714606","155483968041308548683748730348434903235","131538387006540963759008526749461447632","141893361462703422234838745763515038142","151721938690928077636020718238438348851","270227235467126750678339166437717267218","151128353060149271610964400025603980817","64704589644001670061874152238405590523","47988699954726384790788967344409367202","97341445872465832758901775048335305190","327621282952759992212283830186387365314"],"threshold":0.9},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-b14dc057","signature_version":"v1","target":{"file":"plugins/sudoers/auth/sudo_auth.c"},"deprecated":false,"signature_type":"Line"},{"digest":{"length":1224,"function_hash":"246870650827029568611216838179255954482"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-b1e7e9f3","signature_version":"v1","target":{"function":"host_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":1693,"function_hash":"74195197347939910570112127808553417771"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-b6c417a0","signature_version":"v1","target":{"function":"runas_userlist_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":346,"function_hash":"237401055657614124473505925021008420800"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-b7b6e02b","signature_version":"v1","target":{"function":"cmndlist_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":1432,"function_hash":"46395451892669784097002480972168837804"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-bee1607c","signature_version":"v1","target":{"function":"sudoers_lookup","file":"plugins/sudoers/lookup.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":1261,"function_hash":"288579976154531442869480856510844479017"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-c6cea317","signature_version":"v1","target":{"function":"runas_grouplist_matches","file":"plugins/sudoers/match.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["74476773133703100385954308421798142833","177930533936997617302387261879903423205","280807201628051822871968585302848933142","60986179565818271593609370243688372447","285604901553659263117612017238780867023","38968718287204218568600482772873126119","64122935193562493069631197278202431214","161493487105066770902894556754460230587","58994218750203261827866898791702231620","222952784718076729008916213325490548894","280807201628051822871968585302848933142","60986179565818271593609370243688372447","256314443036657297494186421858948335244","205204821257741478099276002154115900316","176643519395551035572526226477491613051","58798044906395009685992483835052587120","265141536570160171271904479067159417062","43391069488271897039876983130145998394","46266305185211119795249520141056302085","306327730327683411383027433462077517020","75420837240489263127829640882806724090","329595177194202795045026993507575696683","201028440283430557195594973365362781124","315158646614558604394765092970033838471"],"threshold":0.9},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-cc7325c8","signature_version":"v1","target":{"file":"plugins/sudoers/lookup.c"},"deprecated":false,"signature_type":"Line"},{"digest":{"length":1447,"function_hash":"264127499187821316591674712898028566824"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-d5cc00d1","signature_version":"v1","target":{"function":"sudo_auth_init","file":"plugins/sudoers/auth/sudo_auth.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"length":384,"function_hash":"32285156320142513696649777597684608290"},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-ec5c88fa","signature_version":"v1","target":{"function":"sudo_auth_begin_session","file":"plugins/sudoers/auth/sudo_auth.c"},"deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["136443486989730977398145642920137116848","199227932004152807990662120588851527897","226900377465677269944585287560569904989","262026908042950928613097469167680995841","86451506933760205696962777856469806785","275544120766371975106004059251788390545","103292191531875317149046229279518834136","319318658165566252545028077157469671178","118523700901557076015369943427332222347","230684577974056995540107279253409650205","81539662237254086612156898939719964135","128000507604380830273976518856817622380","269627595052815301934244972207554478404","16406612056746805559107531359359730876","302308424346315083428221360026631669577","151383631956515873679425970635063014540","238651286505415231107505602142365075595","117852606966720038097439571261581528604","153605924871233509213094148922782569904","213455618610333829654747416878297076251","208307395051082295705951035520205616374","145437089763631052317821352413726287817","274312558345188529338727163483030029432","115184930266422612484775350223421606015","231839648506195363660271967064919620394","161919845230997142513432208762432586241"],"threshold":0.9},"source":"https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f","id":"CVE-2023-42465-f22c6dcc","signature_version":"v1","target":{"file":"plugins/sudoers/auth/passwd.c"},"deprecated":false,"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}