An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan() leading to a Denial of Service.

🗓️ 17 Nov 2022 08:00:00Reported by MicrosoftType

Off-by-one error in systemd format_timespan() can cause buffer overrun and denial of service via crafted values.

Reporter	Title	Published	Views	Family All 148
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to systemd denial of service and information disclosure vulnerabilities( CVE-2022-3821, CVE-2022-4415)	6 Jul 202317:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	30 Mar 202315:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd	25 Jan 202316:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in systemd may affect IBM Storage Scale System	12 Dec 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in systemd (CVE-2022-3821)	31 Mar 202317:02	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2022-3821 may affect IBM CICS TX Advanced 10.1	8 Jun 202318:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	30 Mar 202316:55	–	ibm
Tenable Nessus	Amazon Linux 2 : systemd (ALAS-2022-1899)	7 Dec 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0025: systemd (ALINUX3-SA-2023:0025)	14 May 202500:00	–	nessus