Your submission was sent successfully! Close

CVE-2021-33910

Published: 20 July 2021

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Priority

High

CVSS 3 base score: 5.5

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
bionic
Released (237-3ubuntu10.49)
focal
Released (245.4-4ubuntu3.10)
groovy
Released (246.6-1ubuntu1.7)
hirsute
Released (247.3-3ubuntu3.4)
impish
Released (248.3-1ubuntu3)
jammy
Released (248.3-1ubuntu3)
trusty Not vulnerable

upstream Needs triage

xenial
Released (229-4ubuntu21.31+esm1)
Patches:
upstream: https://github.com/systemd/systemd/pull/20256