CVE-2022-3821: Buffer Overflow
First published: Wed Nov 02 2022(Updated: )
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Systemd Project Systemd | <=251 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Fedoraproject Fedora | =35 | |
| redhat/systemd | <251 | 251 |
| redhat/systemd | <252 | 252 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2139327
- https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
- https://github.com/systemd/systemd/issues/23928
- https://github.com/systemd/systemd/pull/23933
- https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/
- https://security.gentoo.org/glsa/202305-15
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2139355
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2142954
- https://access.redhat.com/errata/RHSA-2023:0100
- https://access.redhat.com/errata/RHSA-2023:0336
- https://access.redhat.com/security/cve/cve-2022-3821
- https://access.redhat.com/errata/RHSA-2024:1105
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/
Frequently Asked Questions
What is CVE-2022-3821?
CVE-2022-3821 is an off-by-one Error issue discovered in Systemd in the format_timespan() function of time-util.c.
What is the severity of CVE-2022-3821?
The severity of CVE-2022-3821 is medium with a CVSS score of 5.5.
How does CVE-2022-3821 affect Systemd?
CVE-2022-3821 affects Systemd versions up to and including 251.
How can an attacker exploit CVE-2022-3821?
An attacker can exploit CVE-2022-3821 by supplying specific values for time and accuracy that lead to a buffer overrun in the format_timespan() function, leading to a Denial of Service.
Where can I find more information about CVE-2022-3821?
You can find more information about CVE-2022-3821 on the following references: [1] https://bugzilla.redhat.com/show_bug.cgi?id=2139327 [2] https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e [3] https://github.com/systemd/systemd/issues/23928
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3821
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/systemd project
- canonical/systemd project systemd
- version/systemd project systemd/251
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- package-manager/redhat