{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2012-02-01T00:55:02Z",
  "id": "CVE-2012-0809",
  "details": "Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
    },
    {
      "type": "EVIDENCE",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
    },
    {
      "type": "EVIDENCE",
      "url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
    }
  ]
}