CVE-2022-3821

systemd: buffer overrun in format_timespan() function

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Se descubrió un problema de error de uno en uno en Systemd en la función format_timespan() de time-util.c. Un atacante podría proporcionar valores específicos de tiempo y precisión que provoquen una saturación del búfer en format_timespan(), lo que provocará una Denegación de Servicio (DoS).

An off-by-one error flaw was found in systemd in the format_timespan() function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in format_timespan(), leading to a denial of service.

It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-11-02 CVE Reserved
2022-11-08 CVE Published
2025-05-02 CVE Updated
2025-05-02 First Exploit
2025-05-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-193: Off-by-one Error

CAPEC

References (8)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html	Mailing List

URL	Date	SRC
https://github.com/systemd/systemd/issues/23928	2025-05-02

URL	Date	SRC
https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e	2023-11-07
https://github.com/systemd/systemd/pull/23933	2023-11-07

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2139327	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P	2023-11-07
https://security.gentoo.org/glsa/202305-15	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-3821	2024-03-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Systemd Project Search vendor "Systemd Project"		Systemd Search vendor "Systemd Project" for product "Systemd"				<= 251 Search vendor "Systemd Project" for product "Systemd" and version " <= 251"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected