CVE-2021-33910
Summary
| CVE | CVE-2021-33910 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-07-20 19:15:00 UTC |
|---|
| Updated | 2023-11-07 03:35:00 UTC |
|---|
| Description | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| CVE-2021-33910 Systemd Vulnerability in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| [SECURITY] Fedora 34 Update: systemd-248.5-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| Sequoia: A Deep Root In Linux's Filesystem Layer ≈ Packet Storm |
MISC |
packetstormsecurity.com |
|
| basic/unit-name: do not use strdupa() on a path · systemd/systemd-stable@b006743 · GitHub |
MISC |
github.com |
|
| Debian -- Security Information -- DSA-4942-1 systemd |
DEBIAN |
www.debian.org |
|
| basic/unit-name: do not use strdupa() on a path · systemd/systemd-stable@cfd14c6 · GitHub |
MISC |
github.com |
|
| oss-security - Re: Pop!_OS Membership to linux-distros list |
MLIST |
www.openwall.com |
|
| basic/unit-name: do not use strdupa() on a path by keszybz · Pull Request #20256 · systemd/systemd · GitHub |
MISC |
github.com |
|
| Releases · systemd/systemd · GitHub |
MISC |
github.com |
|
| basic/unit-name: do not use strdupa() on a path · systemd/systemd-stable@4a1c5f3 · GitHub |
MISC |
github.com |
|
| Merge pull request #20256 from keszybz/one-alloca-too-many · systemd/systemd@b34a4f0 · GitHub |
MISC |
github.com |
|
| cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf |
CONFIRM |
cert-portal.siemens.com |
|
| [SECURITY] Fedora 34 Update: systemd-248.5-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| oss-security - Re: Pop!_OS Membership to linux-distros list |
MLIST |
www.openwall.com |
|
| FEDORA-2021-166e461c8d |
FEDORA |
lists.fedoraproject.org |
|
| oss-security - Re: Pop!_OS Membership to linux-distros list |
MLIST |
www.openwall.com |
|
| oss-security - CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID
1) |
MISC |
www.openwall.com |
|
| systemd: Multiple vulnerabilities (GLSA 202107-48) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| [SECURITY] Fedora 33 Update: systemd-246.15-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| basic/unit-name: do not use strdupa() on a path · systemd/systemd-stable@764b741 · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159309 Oracle Enterprise Linux Security Update for systemd (ELSA-2021-2717)
- 178709 Debian Security Update for systemd (DSA 4942-1)
- 178711 Debian Security Update for systemd (DLA 2715-1)
- 179870 Debian Security Update for systemd (CVE-2021-33910)
- 198434 Ubuntu Security Notification for systemd vulnerabilities (USN-5013-1)
- 239496 Red Hat Update for systemd (RHSA-2021:2724)
- 239499 Red Hat Update for systemd (RHSA-2021:2721)
- 239503 Red Hat Update for systemd (RHSA-2021:2717)
- 239520 Red Hat Update for OpenShift Container Platform 4.7.21 (RHSA-2021:2763)
- 281733 Fedora Security Update for systemd (FEDORA-2021-2a6ba64260)
- 281739 Fedora Security Update for systemd (FEDORA-2021-166e461c8d)
- 375711 Linux systemd Denial of Service Vulnerability
- 590976 Siemens SCALANCE LPE9403 Third-Party Multiple Vulnerabilities (ICSA-22-167-09) (SSA-222547)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 6140178 AWS Bottlerocket Security Update for systemd (GHSA-x6h2-jvgx-gwph)
- 670729 EulerOS Security Update for systemd (EulerOS-SA-2021-2487)
- 670821 EulerOS Security Update for systemd (EulerOS-SA-2021-2700)
- 670837 EulerOS Security Update for systemd (EulerOS-SA-2021-2725)
- 710021 Gentoo Linux systemd Multiple vulnerabilities (GLSA 202107-48)
- 750843 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:2405-1)
- 750845 OpenSUSE Security Update for the systemd (openSUSE-SU-2021:2404-1)
- 750846 OpenSUSE Security Update for the systemd (openSUSE-SU-2021:2410-1)
- 750865 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:2423-1)
- 750892 OpenSUSE Security Update for systemd (openSUSE-SU-2021:1082-1)
- 751002 OpenSUSE Security Update for systemd (openSUSE-SU-2021:2809-1)
- 751220 OpenSUSE Security Update for systemd (openSUSE-SU-2021:3348-1)
- 751244 OpenSUSE Security Update for systemd (openSUSE-SU-2021:1370-1)
- 751324 SUSE Enterprise Linux Security Update for systemd (SUSE-SU-2021:3611-1)
- 900239 CBL-Mariner Linux Security Update for systemd 239
- 903616 Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (4642)
- 940289 AlmaLinux Security Update for systemd (ALSA-2021:2717)
- 960011 Rocky Linux Security Update for systemd (RLSA-2021:2717)
