A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password). Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
ref.:
RHSB-2021-002 Privilege escalation via command line argument parsing - sudo - (CVE-2021-3156) | Red Hat Customer Portal
Access Red Hat’s knowledge, guidance, and support through your subscription.
access.redhat.com