CVE-2021-33910

Published: 20 July 2021

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Priority

High

CVSS 3 base score: 5.5

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (247.3-3ubuntu3.4)
Ubuntu 20.04 LTS (Focal Fossa)
Released (245.4-4ubuntu3.10)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (237-3ubuntu10.49)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (229-4ubuntu21.31+esm1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Patches:
Upstream: https://github.com/systemd/systemd/pull/20256