sudo-rs

crates.io5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting sudo-rspage 1 of 1

CVE-2023-42456LOWCVSS 3.1EG 3.1✓ Fixed in 0.2.1
2023-09-21
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a c…
CVE-2025-46717LOWCVSS 3.3EG 3.3✓ Fixed in 0.2.6
2025-05-12
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --l…
CVE-2025-46718LOWCVSS 3.3EG 3.3✓ Fixed in 0.2.6
2025-05-12
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulne…
CVE-2025-64170LOWCVSS 3.8EG 3.8✓ Fixed in 0.2.10
2025-11-12
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may oc…
CVE-2025-64517MEDIUMCVSS 4.4EG 4.4✓ Fixed in 0.2.10
2025-11-12
sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication.…

Check whether sudo-rs is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for sudo-rs CVEs against the assets you own.

Start Free Scan →