Bug 880547 (CVE-2022-3821) - <sys-apps/systemd-{251.3,252_rc1}: off-by-one buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2022-3821
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/systemd/systemd/is...
Whiteboard: A3 [glsa+]
Reported: 2022-11-09 01:10 UTC by John Helmert III
Modified: 2023-05-03 10:07 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-09 01:10:19 UTC
CVE-2022-3821:

An off-by-one error issue was discovered in systemd in the format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), leading to a denial of service.

https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-09 01:15:39 UTC
Actually, already fixed!

https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-22 16:39:09 UTC
GLSA request filed
Comment 3 Larry the Git Cow gentoo-dev 2023-05-03 10:05:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=00f1bf10331ddbf80ab4cd4a7d5117e69ccef2f7

commit 00f1bf10331ddbf80ab4cd4a7d5117e69ccef2f7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-15 ] systemd: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/830967
    Bug: https://bugs.gentoo.org/880547
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-15.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)