{
  "cve": "CVE-2021-3156",
  "name": "Baron Samedit",
  "description": "A heap-based buffer overflow vulnerability was discovered in sudo's sudoedit command. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation. The vulnerability was introduced in July 2011 and affects sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.",
  "severity": "high",
  "artifact": {
    "name": "sudo",
    "format": "elf",
    "architecture": "x86_64",
    "os": "linux"
  },
  "original": {
    "package": "sudo",
    "version": "1.8.27-1+deb10u2",
    "distro": "Debian 10 (Buster)",
    "source": "https://snapshot.debian.org/archive/debian/20200202T210747Z/pool/main/s/sudo/sudo_1.8.27-1%2Bdeb10u2_amd64.deb",
    "sha256": "ca4a94e0a49f59295df5522d896022444cbbafdec4d94326c1a7f333fd030038",
    "buildId": "4745ed4a5ed874578a32a78fe7e97d40484a501c",
    "hasDebugSymbols": false,
    "pathInPackage": "/usr/bin/sudo"
  },
  "patched": {
    "package": "sudo",
    "version": "1.8.27-1+deb10u3",
    "distro": "Debian 10 (Buster)",
    "source": "https://snapshot.debian.org/archive/debian-security/20210126T180641Z/pool/updates/main/s/sudo/sudo_1.8.27-1%2Bdeb10u3_amd64.deb",
    "sha256": "421a22aa4ddee60e2c684cf3a01fe1acc8fbe6d7b6b772be50646b17b4375f1a",
    "buildId": "d08e79d1049bbd40918a34037fbec8818eaabfb8",
    "hasDebugSymbols": false,
    "pathInPackage": "/usr/bin/sudo"
  },
  "patch": {
    "commit": "1bec5ece78e7d1d88a47a38dc9e46fbd99d50e33",
    "upstream": "https://github.com/sudo-project/sudo/commit/1bec5ece78e7d1d88a47a38dc9e46fbd99d50e33",
    "functionsChanged": [
      "set_cmnd",
      "sudoedit_setup"
    ],
    "filesChanged": [
      "src/sudoers.c",
      "src/sudoedit.c"
    ],
    "summary": "Fix heap-based buffer overflow when parsing backslash-escaped characters in the sudoedit command"
  },
  "advisories": [
    {
      "source": "debian",
      "id": "DSA-4839-1",
      "url": "https://www.debian.org/security/2021/dsa-4839"
    },
    {
      "source": "nvd",
      "id": "CVE-2021-3156",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3156"
    },
    {
      "source": "qualys",
      "id": "Baron Samedit",
      "url": "https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit"
    }
  ],
  "expectedDiff": {
    "sectionsChanged": [
      ".text"
    ],
    "sectionsIdentical": [
      ".rodata",
      ".data"
    ],
    "verdict": "patched",
    "confidenceMin": 0.9
  },
  "createdAt": "2026-01-13T14:00:00Z",
  "createdBy": "StellaOps Golden Pairs Tool v1.0.0"
}