asepsaepdin/CVE-2021-3156

CVE-2021-3156 - Heap-Based Buffer Overflow in Sudo

---

⚠️ For educational and authorized security research purposes only

Original Exploit Authors

Very grateful to the original PoC author Qualys Research Team

Description

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Demo

---

Step Guides

1. Install git, then clone the script from the github repository:

   sudo apt install git -y
   git clone https://github.com/asepsaepdin/CVE-2021-3156.git

2. Compile the PoC using command:

   make

3. Run the PoC using command:

   ./exploit

---

Credits

• https://github.com/CptGibbon/CVE-2021-3156
• https://nvd.nist.gov/vuln/detail/CVE-2021-3156
• https://github.com/blasty/CVE-2021-3156