The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users who have write permission to parts of the called command to replace those parts before the command is executed.
https://www.sudo.ws/repos/sudo/rev/397722cdd7ec
https://www.sudo.ws/repos/sudo/rev/24a3d9215c64
https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195
https://bugzilla.redhat.com/show_bug.cgi?id=1283635
http://www.openwall.com/lists/oss-security/2015/11/18/22
Source: Mitre, NVD
Published: 2017-10-10
Updated: 2025-04-20
CVSS v2 Base Score: 6.9
CVSS v2 Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS v2 Severity: Medium
CVSS v3.0 Base Score: 7
CVSS v3.0 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v3.0 Severity: High
EPSS: 0.00876