CNNVD-202511-1314 Information

CNNVD ID

CNNVD-202511-1314

Related CVE

CVE-2025-64517

• CNNVD Published: 2025-11-12

Description (Chinese)

sudo-rs是Trifecta Tech Foundation开源的一个sudo和su的内存安全实现。 sudo-rs 0.2.5版本至0.2.10之前版本存在授权问题漏洞，该漏洞源于认证时间戳记录不当，可能导致绕过密码验证。

Description (English)

Sudo-rs is an open source of Trifecta Tech Foundation, a secure memory of Sudo and Su. Sudo-rs 0.2.5 to 0.2.10 had a loophole in the delegation of authority, which stemmed from inadequate authentication time stamping records and could lead to the circumvention of password authentication.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

Trifecta Tech Foundation

Published

2025-11-12

Last Modified

2026-02-24

References

https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.10 https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-q428-6v73-fc4q

Patch

https://github.com/trifectatechfoundation/sudo-rs/releases