5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%
Severity: Medium
Date : 2021-07-21
CVE-ID : CVE-2021-33910
Package : systemd
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-2179
The package systemd before version 249.1-1 is vulnerable to denial of
service.
Upgrade to 249.1-1.
The problem has been fixed upstream in version 249.1.
None.
A denial of service security issue has been found in systemd before
version 249.1. A local attacker who is able to mount a filesystem with
a very long path can crash systemd and the whole system through an
attacker-controlled alloca().
A local unprivileged attacker who is able to mount a filesystem with a
very long path can crash systemd and therefore the whole system.
https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
https://www.qualys.com/2021/07/20/cve-2021-33910/cve-2021-33910-crasher.c
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
https://github.com/systemd/systemd/pull/20256
https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9
https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
https://security.archlinux.org/CVE-2021-33910
bugzilla.redhat.com/show_bug.cgi?id=1970887
github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9
github.com/systemd/systemd/pull/20256
security.archlinux.org/AVG-2179
security.archlinux.org/CVE-2021-33910
www.qualys.com/2021/07/20/cve-2021-33910/cve-2021-33910-crasher.c
www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%