basic/unit-name.c in systemd prior to 246.15 247.8 248.5 and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

🗓️ 30 Jul 2021 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 2 Views

Excessive memory allocation in systemd unit name handling enables crash from attacker path.

Reporter	Title	Published	Views	Family All 164
IBM Security Bulletins	Security Bulletin: There is a vulnerability in the systemd used in IBM Elastic Storage System	21 Dec 202118:21	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime	13 Oct 202114:44	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0218: systemd (ALINUX3-SA-2022:0218)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : systemd (ALSA-2021:2717)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : systemd (CESA-2021:2717)	21 Jul 202100:00	–	nessus
Tenable Nessus	Debian DLA-2715-1 : systemd - LTS security update	20 Jul 202100:00	–	nessus
Tenable Nessus	Debian DSA-4942-1 : systemd - security update	20 Jul 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : systemd (EulerOS-SA-2021-2487)	24 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : systemd (EulerOS-SA-2021-2700)	11 Nov 202100:00	–	nessus

Vulners

Node

microsoft cm1_systemd_239-38Range<-

30 Jul 2021 07:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.9

CVSS 3.15.5

EPSS0.00053

SSVC

systemd unit name memory allocation crash attacker path strdupa alloca