CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:55

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Mailing List, Patch, Third Party Advisory () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Mailing List, Patch, Third Party Advisory
References () http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e - Exploit, Patch, Vendor Advisory () http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e - Exploit, Patch, Vendor Advisory
References () http://www.debian.org/security/2013/dsa-2777 - Third Party Advisory () http://www.debian.org/security/2013/dsa-2777 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2013/10/01/9 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2013/10/01/9 - Mailing List, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=859051 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=859051 - Issue Tracking, Patch, Third Party Advisory
References () https://security.gentoo.org/glsa/201612-34 - Third Party Advisory () https://security.gentoo.org/glsa/201612-34 - Third Party Advisory

31 Jan 2022, 17:41

Type Values Removed Values Added
CPE cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:* cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
References (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Third Party Advisory (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Mailing List, Patch, Third Party Advisory

Information

Published : 2013-10-28 22:55

Updated : 2024-11-21 01:55


NVD link : CVE-2013-4391

Mitre link : CVE-2013-4391

CVE.ORG link : CVE-2013-4391


JSON object : View

Products Affected

debian

  • debian_linux

systemd_project

  • systemd
CWE
CWE-190

Integer Overflow or Wraparound