CNNVD-202511-1363 Information

CNNVD ID

CNNVD-202511-1363

Related CVE

CVE-2025-64170

• CNNVD Published: 2025-11-12

Description (Chinese)

sudo-rs是Trifecta Tech Foundation开源的一个sudo和su的内存安全实现。 sudo-rs 0.2.7版本至0.2.10之前版本存在安全漏洞，该漏洞源于密码超时后回显输入字符，可能导致部分密码泄露。

Description (English)

Sudo-rs is an open source of Trifecta Tech Foundation, a secure memory of Sudo and Su. Sudo-rs 0.2.7 to 0.2.10 have a security loophole, which stems from the time-out of the password and the subsequent resonance of the entered character, which may lead to a partial leak of the password.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Trifecta Tech Foundation

Published

2025-11-12

Last Modified

2026-02-24

References

https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.10 https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw https://access.redhat.com/security/cve/cve-2025-64170

Patch

https://github.com/trifectatechfoundation/sudo-rs/releases