Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sudo | Sudo_project | 1.9.8 (including) | 1.9.13 (excluding) |
Sudo | Sudo_project | 1.9.13 (including) | 1.9.13 (including) |
Sudo | Sudo_project | 1.9.13-p1 (including) | 1.9.13-p1 (including) |