CVE Vulnerability

CVE-2022-3821

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/systemd/systemd/issues/23928 Exploit Issue Tracking
https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e Patch Third Party Advisory
https://github.com/systemd/systemd/pull/23933 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2139327 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/ Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Information

Published : 2022-11-08 10:15

Updated : 2022-12-02 10:45

NVD link : CVE-2022-3821

Mitre link : CVE-2022-3821

Products Affected
No products.
CWE
CWE-193

Off-by-one Error