Описание
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
An off-by-one error flaw was found in systemd in the format_timespan() function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in format_timespan(), leading to a denial of service.
Отчет
Network Manager uses systemd's format_timespan() only via the FORMAT_TIMESPAN() macro which allocates a 64-byte buffer on the stack. The longest string representing 32bit values in seconds doesn't exceed 34 bytes (for example, "134y 10month 10w 1d 10h 10min 10s"). Since all the values are in exact seconds there is no decimal part to print. Therefore, it doesn't seem possible to trigger the buffer overflow by returning a specially crafted DHCPv6 lease, and the CVE doesn't affect Network Manager.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 7 | systemd | Out of support scope | ||
| Red Hat Enterprise Linux 8 | NetworkManager | Not affected | ||
| Red Hat Enterprise Linux 8 | systemd | Fixed | RHSA-2023:0100 | 12.01.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | systemd | Fixed | RHSA-2024:1105 | 05.03.2024 |
| Red Hat Enterprise Linux 9 | systemd | Fixed | RHSA-2023:0336 | 23.01.2023 |
| Red Hat Enterprise Linux 9 | systemd | Fixed | RHSA-2023:0336 | 23.01.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
An off-by-one Error issue was discovered in Systemd in format_timespan ...
EPSS
5.5 Medium
CVSS3