Unrated severityNVD Advisory· Published Nov 8, 2022· Updated May 2, 2025

CVE-2022-3821

Description

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

Affected products

Systemd/Systemddescription
osv-coords36 versions
pkg:apk/chainguard/py3.10-systemd pkg:apk/chainguard/py3.11-systemd pkg:apk/chainguard/py3.12-systemd pkg:apk/chainguard/py3.13-systemd pkg:apk/chainguard/py3-supported-systemd pkg:apk/chainguard/py3-systemd pkg:rpm/almalinux/systemd pkg:rpm/almalinux/systemd-container pkg:rpm/almalinux/systemd-devel pkg:rpm/almalinux/systemd-journal-remote pkg:rpm/almalinux/systemd-libs pkg:rpm/almalinux/systemd-oomd pkg:rpm/almalinux/systemd-pam pkg:rpm/almalinux/systemd-resolved pkg:rpm/almalinux/systemd-rpm-macros pkg:rpm/almalinux/systemd-tests pkg:rpm/almalinux/systemd-udev pkg:rpm/opensuse/systemd&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/systemd&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/systemd&distro=openSUSE%20Leap%20Micro%205.2 pkg:rpm/opensuse/systemd&distro=openSUSE%20Tumbleweed pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/systemd&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/systemd&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/systemd&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0+ 35 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 250-12.el9_1.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 250-12.el9_1.1
- (no CPE)range: < 250-12.el9_1.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 239-68.el8_7.1
- (no CPE)range: < 246.16-150300.7.54.1
- (no CPE)range: < 249.12-150400.8.13.1
- (no CPE)range: < 246.16-150300.7.54.1
- (no CPE)range: < 254.5-3.1
- (no CPE)range: < 246.16-150300.7.54.1
- (no CPE)range: < 246.16-150300.7.54.1
- (no CPE)range: < 249.12-150400.8.13.1
- (no CPE)range: < 246.16-150300.7.54.1
- (no CPE)range: < 249.12-150400.8.13.1
- (no CPE)range: < 228-150.108.2
- (no CPE)range: < 228-150.108.2
- (no CPE)range: < 228-150.108.2
- (no CPE)range: < 228-157.43.2
- (no CPE)range: < 228-150.108.2
- (no CPE)range: < 228-157.43.2
- (no CPE)range: < 228-157.43.2
- (no CPE)range: < 254.18-1.1
- (no CPE)range: < 228-150.108.2
- (no CPE)range: < 228-150.108.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/mitrevendor-advisory
security.gentoo.org/glsa/202305-15mitrevendor-advisory
lists.debian.org/debian-lts-announce/2023/06/msg00036.htmlmitremailing-list
bugzilla.redhat.com/show_bug.cgimitre
github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4emitre
github.com/systemd/systemd/issues/23928mitre
github.com/systemd/systemd/pull/23933mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000