CVE-2022-3821

Published: Nov 8, 2022

Modified: May 2, 2025

PUBLISHED

Description

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Vendor	Product	Versions
n/a	systemd	affected `Fixed in systemd v252-rc1`

Weaknesses (CWE)

CWE-193

References

https://bugzilla.redhat.com/show_bug.cgi?id=2139327

https://github.com/systemd/systemd/issues/23928

https://github.com/systemd/systemd/pull/23933

https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e

FEDORA-2022-8ac4104a02

vendor-advisory

GLSA-202305-15

vendor-advisory

[debian-lts-announce] 20230629 [SECURITY] [DLA 3474-1] systemd security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3821

Description

Affected Products

Weaknesses (CWE)

References