{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45873", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T14:24:03.197Z", "dateReserved": "2022-11-23T00:00:00", "datePublished": "2022-11-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437"}, {"url": "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553"}, {"url": "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497"}, {"name": "FEDORA-2022-ef4f57b072", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.197Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437", "tags": ["x_transferred"]}, {"url": "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553", "tags": ["x_transferred"]}, {"url": "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-ef4f57b072", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AE4E7F2-A943-44CA-B44F-BDE0F8D09B53", "versionEndIncluding": "251", "versionStartIncluding": "250", "vulnerable": true}, {"criteria": "cpe:2.3:a:systemd_project:systemd:252:rc1:*:*:*:*:*:*", "matchCriteriaId": "55FF285C-8DFC-4A67-A426-1ADE349BEF8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:systemd_project:systemd:252:rc2:*:*:*:*:*:*", "matchCriteriaId": "0E0E4355-1411-43F3-8DCE-700BE15FC71C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file."}, {"lang": "es", "value": "systemd 250 y 251 permiten a los usuarios locales lograr un punto muerto en systemd-coredump al desencadenar un bloqueo que tiene un largo backtrace. Esto ocurre en parse_elf_object enshared/elf-util.c. La metodolog\u00eda de explotaci\u00f3n consiste en bloquear un binario que llama a la misma funci\u00f3n de forma recursiva y colocarlo en un directorio profundamente anidado para que su seguimiento sea lo suficientemente grande como para provocar el punto muerto. Esto se debe hacer 16 veces cuando se establece MaxConnections=16 para el archivo systemd/units/systemd-coredump.socket."}], "id": "CVE-2022-45873", "lastModified": "2024-11-21T07:29:52.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T23:15:10.183", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/pull/24853#issuecomment-1326561497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MS5N5SLYAHKENLAJWYBDKU55ICU3SVZF/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0954", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "systemd-0:250-12.el9_1.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0954", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "systemd-0:250-12.el9_1.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}], "bugzilla": {"description": "systemd: deadlock in systemd-coredump via a crash with a long backtrace", "id": "2149063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149063"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.", "A flaw was found in the systemd-coredump utility of systemd. When an application crashes, the systemd-coredump utility is called twice, once by the kernel and the second time in the systemd-coredump@.service to write the data, process, and save the core file. Communication between the programs is made through a pipe, and when there is too much data through a long backtrace or many linked libraries, the pipe blocks while waiting for the data, resulting in a timeout of the systemd-coredump@.service."], "name": "CVE-2022-45873", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45873\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45873"], "statement": "This vulnerability is only triggered when an application crashes and there is too much data about the crash that needs to be passed to the systemd-coredump utility, specifically more than 65536 bytes, and it will result in a Denial of Service. For this reason, this flaw has been rated as having a moderate security impact.\nThe systemd-coredump utility of systemd as shipped with Red Hat Enterprise Linux 8 does not use the inter-process communication related to this flaw. Therefore, it's not affected.", "threat_severity": "Moderate", "upstream_fix": "systemd 252-rc3"}