CVE-2016-7795Improper Input Validation in Project Systemd

CWE-20Improper Input ValidationCWE-617Reachable Assertion8 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 63.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Systemd Project SystemdCanonical Ubuntu Linux
Timeline
PublishedOct 13
Latest updateMay 17

Description

The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Debiansystemd_project/systemd< 231-9+3

Also affects: Ubuntu Linux 16.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-r5cr-2q2m-4c59: The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 han2022-05-17
OSV
CVE-2016-7795: The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 han2016-10-13
CVEList
CVE-2016-7795: The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 han2016-10-13

📋Vendor Advisories

2
Red Hat
systemd: Assertion failure when PID 1 receives a zero-length message over notify socket2016-09-28
Debian
CVE-2016-7795: systemd - The manager_invoke_notify_message function in systemd 231 and earlier allows loc...2016

💬Community

2
Bugzilla
CVE-2016-7796 systemd: freeze when PID 1 receives a zero-length message over notify socket2016-10-05
Bugzilla
CVE-2016-7795 systemd: Assertion failure when PID 1 receives a zero-length message over notify socket2016-09-29
CVE-2016-7795 — Improper Input Validation | cvebase