CVE-2022-45873

Source
https://cve.org/CVERecord?id=CVE-2022-45873
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45873.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45873
Published
2022-11-23T23:15:10.183Z
Modified
2026-03-14T12:00:36.570274Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

systemd 250 and 251 allow local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Affected packages

Git / github.com/systemd/systemd

Affected ranges

Type
GIT
Repo
https://github.com/systemd/systemd
Events
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "250"
        },
        {
            "last_affected": "251"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "252-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "252-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "36"
        }
    ]
}

Affected versions

Other
v250
v251
v251-rc1
v251-rc2
v251-rc3
v252-rc1
v252-rc2

Database specific

vanir_signatures
[
    {
        "target": {
            "function": "parse_elf_object",
            "file": "src/shared/elf-util.c"
        },
        "id": "CVE-2022-45873-c3787ad2",
        "digest": {
            "function_hash": "59441325756538965850884987738680144644",
            "length": 2545.0
        },
        "source": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "src/shared/elf-util.c"
        },
        "id": "CVE-2022-45873-e4c98e5a",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45873.json"