CVE-2021-33910

CVE-2021-33910

Name

CVE-2021-33910

Description

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/systemd/systemd/releases
MISC	https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
MISC	https://www.openwall.com/lists/oss-security/2021/07/20/2
GENTOO	https://security.gentoo.org/glsa/202107-48
DEBIAN	https://www.debian.org/security/2021/dsa-4942
MISC	http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
MISC	https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
MISC	https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
MISC	https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
MISC	https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
MISC	https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
Mailing List	http://www.openwall.com/lists/oss-security/2021/08/04/2
Mailing List	http://www.openwall.com/lists/oss-security/2021/08/17/3
Mailing List	http://www.openwall.com/lists/oss-security/2021/09/07/3
CONFIRM	https://security.netapp.com/advisory/ntap-20211104-0008/

Type

URI

MISC

https://github.com/systemd/systemd/releases

MISC

https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9

MISC

https://www.openwall.com/lists/oss-security/2021/07/20/2

GENTOO

https://security.gentoo.org/glsa/202107-48

DEBIAN

https://www.debian.org/security/2021/dsa-4942

MISC

http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html

MISC

https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce

MISC

https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/

MISC

https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538

MISC

https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b

MISC

https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/

Mailing List

http://www.openwall.com/lists/oss-security/2021/08/04/2

Mailing List

http://www.openwall.com/lists/oss-security/2021/08/17/3

Mailing List

http://www.openwall.com/lists/oss-security/2021/09/07/3

CONFIRM

https://security.netapp.com/advisory/ntap-20211104-0008/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:freedesktop:systemd::::::::`	systemd	>= None	< 246.15
`cpe:2.3:a:freedesktop:systemd::::::::`	systemd	>= 247	< 247.8
`cpe:2.3:a:freedesktop:systemd::::::::`	systemd	>= 248	< 248.5
`cpe:2.3:a:freedesktop:systemd::::::::`	systemd	>= 249	< 249.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*

systemd

>= None

< 246.15

cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*

systemd

>= 247

< 247.8

cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*

systemd

>= 248

< 248.5

cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:*

systemd

>= 249

< 249.1

References

Match rules

Vulnerable and fixed packages