Functional exploit for CVE-2019-18634, a heap buffer overflow that leads to privilege escalation on sudo <=1.8.30 if pwfeedback is enabled.
This repo contains both a single-file script (
self-contained.sh), and the scripts used to generate it (under
Thanks to yuu and Anonymous_ for help in developing this exploit and these scripts.
Credit to Joe Vennix and William Bowling for the original discovery of the bug and the information on exploiting through 1.8.30.