Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via «sudoedit -s» and a command-line argument that ends with a single backslash character:
