Forum Discussion

Altostratus

Jan 27, 2021

CVE-2021-3156 | SUDO Heap-based Buffer Overflow

Are any of the BIG-IP versions affected by the recent SUDO vulnerability announcement? I have checked our F5 estate and I don't believe that the SUDO package is installed or used, but I just want to ...

big-ip

security

Marcel_Vanko

Nimbostratus

Jan 28, 2021

I have tried it on F5 v12.1.5.2

testuser@F5v12-1-5-2:~$ sudoedit -s /
sudoedit: /: not a regular file
testuser@F5v12-1-5-2:~$

Test on Linux vm before and after patch

testuser@vm-not-patched:~$ sudoedit -s /
sudoedit: /: not a regular file
testuser@vm-not-patched:~$ 
 
testuser@vm-patched:~$ sudoedit -s /
usage: sudoedit [-AknS] [-r role] [-t type] [-C num] [-g group] [-h host] [-p prompt] [-T timeout] [-u user] file ...
testuser@vm-patched:~$

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

CVE-2021-3156 | SUDO Heap-based Buffer Overflow

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Managing iRules configuration

Changes to DO and AS3 GitHub - no longer monitored

Related Content

IIS 6.0 WebDAV Buffer Overflow

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Big-IQ DCD statistics overflow detection

Disable buffer overflow in json parameters

Attack signature Generic buffer overflow attempt 27 when uplod video

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS