CVE-2021-3997

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

Se ha encontrado un fallo en systemd. Una recursión no controlada en systemd-tmpfiles puede conllevar a una denegación de servicio en el momento del arranque cuando son creados demasiados directorios anidados en /tmp.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-11-22 CVE Reserved
2022-01-13 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-11-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-674: Uncontrolled Recursion

CAPEC

References (5)

URL	Tag	Source
https://access.redhat.com/security/cve/CVE-2021-3997	Issue Tracking

URL	Date	SRC
https://www.openwall.com/lists/oss-security/2022/01/10/2	2024-08-03

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2024639	2023-05-03
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1	2023-05-03

URL	Date	SRC
https://security.gentoo.org/glsa/202305-15	2023-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Systemd Project Search vendor "Systemd Project"		Systemd Search vendor "Systemd Project" for product "Systemd"				>= 240 < 250.2 Search vendor "Systemd Project" for product "Systemd" and version " >= 240 < 250.2"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"		-		Affected