CVE-2021-33910
- Source
- https://cve.org/CVERecord?id=CVE-2021-33910
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33910.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-33910
- Downstream
- Related
- Published
- 2021-07-20T19:15:09.783Z
- Modified
- 2026-03-03T01:18:34.240253Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
- References
-
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- http://www.openwall.com/lists/oss-security/2021/08/04/2
- http://www.openwall.com/lists/oss-security/2021/08/17/3
- http://www.openwall.com/lists/oss-security/2021/09/07/3
- https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
- https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
- https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
- https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
- https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
- https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
- https://security.gentoo.org/glsa/202107-48
- https://security.netapp.com/advisory/ntap-20211104-0008/
- https://www.debian.org/security/2021/dsa-4942
- https://www.openwall.com/lists/oss-security/2021/07/20/2
- http://www.openwall.com/lists/oss-security/2021/08/04/2
- http://www.openwall.com/lists/oss-security/2021/08/17/3
- http://www.openwall.com/lists/oss-security/2021/09/07/3
- https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
- https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
- https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
- https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
- https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
- https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
- http://www.openwall.com/lists/oss-security/2021/08/04/2
- http://www.openwall.com/lists/oss-security/2021/08/17/3
- http://www.openwall.com/lists/oss-security/2021/09/07/3
- https://www.openwall.com/lists/oss-security/2021/07/20/2
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- https://www.openwall.com/lists/oss-security/2021/07/20/2
Affected packages
Git / github.com/systemd/systemd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/systemd/systemd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Database specific
vanir_signatures
[
{
"id": "CVE-2021-33910-42a41d34",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b",
"target": {
"function": "unit_name_path_escape",
"file": "src/basic/unit-name.c"
},
"digest": {
"length": 450.0,
"function_hash": "238363963586981283236621004435380510899"
},
"signature_type": "Function"
},
{
"id": "CVE-2021-33910-52acdd1c",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/764b74113e36ac5219a4b82a05f311b5a92136ce",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"249353666783312831483115544398788369827",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2021-33910-7da17968",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61",
"target": {
"function": "unit_name_path_escape",
"file": "src/basic/unit-name.c"
},
"digest": {
"length": 450.0,
"function_hash": "238363963586981283236621004435380510899"
},
"signature_type": "Function"
},
{
"id": "CVE-2021-33910-930a94be",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/b00674347337b7531c92fdb65590ab253bb57538",
"target": {
"function": "unit_name_path_escape",
"file": "src/basic/unit-name.c"
},
"digest": {
"length": 450.0,
"function_hash": "238363963586981283236621004435380510899"
},
"signature_type": "Function"
},
{
"id": "CVE-2021-33910-bca8eed5",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"301897454620019740996020042001306739526",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2021-33910-c6082333",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/764b74113e36ac5219a4b82a05f311b5a92136ce",
"target": {
"function": "unit_name_path_escape",
"file": "src/basic/unit-name.c"
},
"digest": {
"length": 442.0,
"function_hash": "13991766979645080629156966034899221242"
},
"signature_type": "Function"
},
{
"id": "CVE-2021-33910-db0877b8",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/b00674347337b7531c92fdb65590ab253bb57538",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"301897454620019740996020042001306739526",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
]
},
"signature_type": "Line"
},
{
"id": "CVE-2021-33910-fc0ade4b",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/systemd/systemd/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"301897454620019740996020042001306739526",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
]
},
"signature_type": "Line"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33910.json"