Bug 880547 (CVE-2022-3821)

Summary:	<sys-apps/systemd-{251.3,252_rc1}: off-by-one buffer overflow
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	systemd
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/systemd/systemd/issues/23928
Whiteboard:	A3 [glsa+]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2022-11-09 01:10:19 UTC

CVE-2022-3821:

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e

Comment 1 John Helmert III archtester

2022-11-09 01:15:39 UTC

Actually, already fixed!

https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7

Comment 2 John Helmert III archtester

2022-11-22 16:39:09 UTC

GLSA request filed

Comment 3 Larry the Git Cow gentoo-dev

2023-05-03 10:05:46 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=00f1bf10331ddbf80ab4cd4a7d5117e69ccef2f7

commit 00f1bf10331ddbf80ab4cd4a7d5117e69ccef2f7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-15 ] systemd: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/830967
    Bug: https://bugs.gentoo.org/880547
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-15.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)