CVE-2016-7796

CWE-20 — Improper Input Validation CWE-2537 documents7 sources

Severity

5.5MEDIUM

EPSS

0.4%

top 40.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Suse Linux Enterprise Desktop Novell Suse Linux Enterprise Server Novell Suse Linux Enterprise Server FOR SAP +6 more

Timeline

PublishedOct 13

Latest updateMay 17

Description

The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

▶Debiansystemd< 231-9+3

▶NVDsystemd_project/systemd4 versions+3

▶NVDnovell/suse_linux_enterprise12.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-cm6j-6m6x-hmjq: The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received ov↗2022-05-17

▶

OSV

CVE-2016-7796: The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received ov↗2016-10-13

▶

CVEList

CVE-2016-7796: The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received ov↗2016-10-13

▶

📋Vendor Advisories

Red Hat

systemd: freeze when PID 1 receives a zero-length message over notify socket↗2016-09-28

▶

Debian

CVE-2016-7796: systemd - The manager_dispatch_notify_fd function in systemd allows local users to cause a...↗2016

▶

💬Community

Bugzilla

CVE-2016-7796 systemd: freeze when PID 1 receives a zero-length message over notify socket↗2016-10-05

▶