Описание
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| systemd | fixed | 260.1-1 | package | |
| systemd | not-affected | trixie | package | |
| systemd | not-affected | bookworm | package | |
| systemd | not-affected | bullseye | package |
Примечания
https://github.com/systemd/systemd/security/advisories/GHSA-848h-497j-8vjq
Introduced with: https://github.com/systemd/systemd/commit/799392286ec0797c0a2a1260c444360b47ef36fc (v260-rc1)
Fixed by: https://github.com/systemd/systemd/commit/924f5a3461512ac8126fe4423329e3ca802b4d20 (main)
Fixed by: https://github.com/systemd/systemd/commit/6f3074088a9f89f89d3188f7b3b4f0ddc0cfc73b (v260.1)
EPSS
Связанные уязвимости
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
A flaw was found in systemd. A local unprivileged user can exploit this vulnerability by making an Inter-Process Communication (IPC) API call with a specially crafted array or map containing a null element. This can trigger an assert, leading to a Denial of Service (DoS) condition, which makes the system unavailable.
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.
EPSS