CVE-2022-3821

CWE-1939 documents8 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 91.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Systemd Project SystemdFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedNov 8
Latest updateMar 7

Description

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debiansystemd< 247.3-7+deb11u2+3
Ubuntusystemd< 237-3ubuntu10.57+4
CVEListV5systemdFixed in systemd v252-rc1

Also affects: Fedora 35, Enterprise Linux 8.0, 9.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
systemd vulnerabilities2023-03-07
GHSA
GHSA-cwpv-5v9v-5797: An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util2022-11-09
OSV
CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util2022-11-08
CVEList
CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util2022-11-08

📋Vendor Advisories

4
Ubuntu
systemd vulnerabilities2023-03-07
Microsoft
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_2022-11-08
Red Hat
systemd: buffer overrun in format_timespan() function2022-07-08
Debian
CVE-2022-3821: systemd - An off-by-one Error issue was discovered in Systemd in format_timespan() functio...2022