CVE-2019-15900

CRITICAL

slicer69 doas <6.2 - Privilege Escalation

Title source: llm

Description

An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking for error cases. Instead, the uninitialized variable errstr was checked and in some cases returned success even if sscanf failed. The result was that, instead of reporting that the supplied username or group name did not exist, it would execute the command as root.

References (2)

[Patch] https://github.com/slicer69/doas/commit/2f83222829448e5bc4c9391d607ec265a1e06531

View Patch ZIP pw:eip

[Release Notes] https://github.com/slicer69/doas/compare/6.1p1...6.2

Scores

CVSS v3 9.8

EPSS 0.0035

EPSS Percentile 57.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-863 CWE-252 CWE-908 CWE-754

Status published

Products (1)

doas_project/doas < 6.2

Published Oct 18, 2019

Tracked Since Feb 18, 2026