Fluid Attacks Database

Description

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	systemd	=247.3-6 \|\| =247.3-7 \|\| =247.3-7+deb11u1 \|\| >=0 <247.3-7+deb11u2	247.3-7+deb11u2
debian 12	systemd	>=0 <251.3-1	251.3-1
debian 13	systemd	>=0 <251.3-1	251.3-1
debian 14	systemd	>=0 <251.3-1	251.3-1
rpm rhel7	systemd	-	-
rpm rhel8	systemd	<0:239-68.el8_7.1	0:239-68.el8_7.1
rpm rhel8.6	systemd	<0:239-58.el8_6.13	0:239-58.el8_6.13
rpm rhel9	systemd	<0:250-12.el9_1.1	0:250-12.el9_1.1

Aliases

1. CVE-2022-38212. NVD-2022-38213. OSV-DEBIAN-2022-38214. OSV-2022-38215. SECURITY-TRACKER-CVE-2022-3821

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.