Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
References
Configurations
History
21 Nov 2024, 01:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Mailing List, Patch, Third Party Advisory | |
References | () http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e - Exploit, Patch, Vendor Advisory | |
References | () http://www.debian.org/security/2013/dsa-2777 - Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2013/10/01/9 - Mailing List, Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=859051 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201612-34 - Third Party Advisory |
31 Jan 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:* | |
References | (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357 - Issue Tracking, Mailing List, Patch, Third Party Advisory |
Information
Published : 2013-10-28 22:55
Updated : 2024-11-21 01:55
NVD link : CVE-2013-4391
Mitre link : CVE-2013-4391
CVE.ORG link : CVE-2013-4391
JSON object : View
Products Affected
debian
- debian_linux
systemd_project
- systemd
CWE
CWE-190
Integer Overflow or Wraparound