2139327 – (CVE-2022-3821) CVE-2022-3821 systemd: buffer overrun in format_timespan() function

Bug 2139327 (CVE-2022-3821) - CVE-2022-3821 systemd: buffer overrun in format_timespan() function

Summary: CVE-2022-3821 systemd: buffer overrun in format_timespan() function

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-3821
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2139355 2139388 2139389 2139390 2139391 2139392 2142954
Blocks:	2137787 2140981
TreeView+	depends on / blocked

Reported:	2022-11-02 07:54 UTC by TEJ RATHI
Modified:	2023-12-07 15:28 UTC (History)
CC List:	43 users (show)
Fixed In Version:	systemd 251-stable, systemd 252-rc1
Doc Type:	If docs needed, set a value
Doc Text:	An off-by-one error flaw was found in systemd in the format_timespan() function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in format_timespan(), leading to a denial of service.
Clone Of:
Environment:
Last Closed:	2023-01-25 14:22:32 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:0100	0	None	None	None	2023-01-12 09:19:04 UTC
Red Hat Product Errata	RHSA-2023:0336	0	None	None	None	2023-01-23 15:21:48 UTC

Description TEJ RATHI 2022-11-02 07:54:19 UTC

Systemd: The format_timespan function in time-util.c triggers buffer overrun with crafted time values. Supplying specific values for time and accuracy leads to buffer overrun in format_timespan, leading to Denial of Service.

References:
https://github.com/systemd/systemd/issues/23928
https://github.com/systemd/systemd/pull/23933
https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e

Comment 1 TEJ RATHI 2022-11-02 09:44:37 UTC

Created systemd tracking bugs for this issue:

Affects: fedora-all [bug 2139355]

Comment 9 juneau 2022-11-15 16:03:49 UTC

Created systemd tracking bugs for this issue:

Affects: fedora-all [bug 2142954]

Comment 14 errata-xmlrpc 2023-01-12 09:19:00 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0100 https://access.redhat.com/errata/RHSA-2023:0100

Comment 15 errata-xmlrpc 2023-01-23 15:21:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0336 https://access.redhat.com/errata/RHSA-2023:0336

Comment 16 Product Security DevOps Team 2023-01-25 14:22:28 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3821

Note You need to log in before you can comment on or make changes to this bug.

abrianik
adudiak
bdettelb
bgalvani
caswilli
dffrench
dhalasz
dkuc
fjansen
gzaronik
hbraun
jburrell
jkoehler
jwong
jwon
kaycoth
kshier
kyoshida
lnykryn
lpoetter
lrintel
micjohns
msekleta
ngough
nm-team
psegedy
rgodfrey
rkhan
security-response-team
stcannon
sthirugn
sukulkar
systemd-maint-list
systemd-maint
tcarlin
tfister
till
tmeszaro
tsasak
vkrizan
vkumar
vmugicag
zjedrzej