{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3821", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:20:58.329Z", "dateReserved": "2022-11-02T00:00:00", "datePublished": "2022-11-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-06-29T00:00:00"}, "descriptions": [{"lang": "en", "value": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service."}], "affected": [{"vendor": "n/a", "product": "systemd", "versions": [{"version": "Fixed in systemd v252-rc1", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139327"}, {"url": "https://github.com/systemd/systemd/issues/23928"}, {"url": "https://github.com/systemd/systemd/pull/23933"}, {"url": "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e"}, {"name": "FEDORA-2022-8ac4104a02", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/"}, {"name": "GLSA-202305-15", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-15"}, {"name": "[debian-lts-announce] 20230629 [SECURITY] [DLA 3474-1] systemd security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-193 - Off-by-one Error", "cweId": "CWE-193"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.329Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", "tags": ["x_transferred"]}, {"url": "https://github.com/systemd/systemd/issues/23928", "tags": ["x_transferred"]}, {"url": "https://github.com/systemd/systemd/pull/23933", "tags": ["x_transferred"]}, {"url": "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-8ac4104a02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/"}, {"name": "GLSA-202305-15", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-15"}, {"name": "[debian-lts-announce] 20230629 [SECURITY] [DLA 3474-1] systemd security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "52303FA5-37AB-4D24-8121-64BBF929D93B", "versionEndIncluding": "251", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de error de uno en uno en Systemd en la funci\u00f3n format_timespan() de time-util.c. Un atacante podr\u00eda proporcionar valores espec\u00edficos de tiempo y precisi\u00f3n que provoquen una saturaci\u00f3n del b\u00fafer en format_timespan(), lo que provocar\u00e1 una Denegaci\u00f3n de Servicio (DoS)."}], "id": "CVE-2022-3821", "lastModified": "2023-11-07T03:51:50.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-08T22:15:16.700", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139327"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/issues/23928"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/pull/23933"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-15"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0100", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "systemd-0:239-68.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-01-12T00:00:00Z"}, {"advisory": "RHSA-2024:1105", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "systemd-0:239-58.el8_6.13", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2023:0336", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "systemd-0:250-12.el9_1.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:0336", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "systemd-0:250-12.el9_1.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}], "bugzilla": {"description": "systemd: buffer overrun in format_timespan() function", "id": "2139327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139327"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-193", "details": ["An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "An off-by-one error flaw was found in systemd in the format_timespan() function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in format_timespan(), leading to a denial of service."], "name": "CVE-2022-3821", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-07-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3821\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3821"], "statement": "Network Manager uses systemd's format_timespan() only via the FORMAT_TIMESPAN() macro which allocates a 64-byte buffer on the stack.\nThe longest string representing 32bit values in seconds doesn't exceed 34 bytes (for example, \"134y 10month 10w 1d 10h 10min 10s\"). Since all the values are in exact seconds there is no decimal part to print.\nTherefore, it doesn't seem possible to trigger the buffer overflow by returning a specially crafted DHCPv6 lease, and the CVE doesn't affect Network Manager.", "threat_severity": "Moderate", "upstream_fix": "systemd 251-stable, systemd 252-rc1"}