A stack-based buffer overflow vulnerability was found in getpwnam()/getgrnam() functions of NSS module nss-mymachines provided by systemd.
Public via: https://github.com/systemd/systemd/issues/2002
Created systemd tracking bugs for this issue: Affects: fedora-all [bug 1284825]
Upstream patch: https://github.com/keszybz/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888
The bug was introduced with the _nss_mymachines_getpwnam_r() & _nss_mymachines_getgrnam_r() functions, in v223. RHEL7 is currently shipping older versions, and thus is not vulnerable. Statement: This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 7.