Buildroot Archive on lore.kernel.org
* [Buildroot] [Bug 14056] New: CVE-2021-33910 [SYSTEMD] Memory Allocation with an Excessive Size Value that results in an operating system crash.
@ 2024-06-15 14:59 bugzilla
  0 siblings, 0 replies; only message in thread
From: bugzilla @ 2024-06-15 14:59 UTC (permalink / raw)
  To: buildroot

https://bugs.busybox.net/show_bug.cgi?id=14056

            Bug ID: 14056
           Summary: CVE-2021-33910 [SYSTEMD] Memory Allocation with an
                    Excessive Size Value that results in an operating
                    system crash.
           Product: buildroot
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: RESOLVED
          Severity: critical
          Priority: P5
         Component: Other
          Assignee: unassigned@buildroot.uclibc.org
          Reporter: francisjy.hu@moxa.com
                CC: buildroot@uclibc.org, yann.morin.1998@free.fr
  Target Milestone: ---
            Status: RESOLVED
                CC: yann.morin.1998@free.fr
        Resolution: MOVED

Hi:
There is a systemd issue reported by NVD in
https://nvd.nist.gov/vuln/detail/CVE-2021-33910.
The hyperlink is shown below.
https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b

The issue description:
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a
Memory Allocation with an Excessive Size Value (involving strdupa and alloca
for a pathname controlled by a local attacker) that results in an operating
system crash.

--- Comment #1 from Fabrice Fontaine <fontaine.fabrice@gmail.com> ---
systemd has been bumped to version 249.1 since July 20 and
https://git.buildroot.net/buildroot/commit/?id=fbd9566220f2812baeff5dbd727bfc30fe4e93ea
so master is not affected by this CVE. 

However, LTS branches are still using version 247.3; they should be bumped to
247.9.

--- Comment #2 from Yann E. MORIN <yann.morin.1998@free.fr> ---
Thank you for your report.

The issue tracker for the Buildroot project has been moved to
the Gitlab.com issue tracker:
    https://gitlab.com/buildroot.org/buildroot/-/issues

We are taking this opportunity to close old issues in this old
tracker. If you believe your issue is still relevant, please
open one in the new issue tracker.

Thank you!

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
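
The allocation pattern named in the issue description (a stack copy via strdupa/alloca of a path whose length the caller controls), shown beside a bounded heap copy. This is an added example, not systemd's code or the referenced fix; `trimmed_len_stack`, `trim_path_heap` and the 4096-byte cap are hypothetical names and values chosen for illustration.

```c
#include <alloca.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; pick the limit your interface really needs. */
#define MAX_PATH_BYTES 4096

/* Risky pattern, shown for contrast and never called here: alloca() (which is
 * what strdupa() uses) grows the stack by strlen(path) + 1 bytes with no
 * failure return, so a multi-megabyte path overruns the stack and crashes. */
size_t trimmed_len_stack(const char *path) {
    size_t n = strlen(path);
    char *copy = alloca(n + 1);            /* size chosen by the caller's input */
    memcpy(copy, path, n + 1);
    while (n > 1 && copy[n - 1] == '/')
        copy[--n] = '\0';
    return n;
}

/* Hardened form: bound the length first, then copy to the heap, where an
 * allocation failure is a NULL return the caller can handle.
 * Returns a malloc()ed path without trailing slashes, or NULL with errno set. */
char *trim_path_heap(const char *path) {
    size_t n = strnlen(path, MAX_PATH_BYTES);
    if (n == MAX_PATH_BYTES) {             /* no terminator within the cap */
        errno = ENAMETOOLONG;
        return NULL;
    }
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;                       /* malloc set errno to ENOMEM */
    memcpy(copy, path, n);
    copy[n] = '\0';
    while (n > 1 && copy[n - 1] == '/')
        copy[--n] = '\0';
    return copy;
}

int main(void) {
    char *p = trim_path_heap("/mnt/data///");   /* constructed sample input */
    if (p == NULL) {
        perror("trim_path_heap");
        return 1;
    }
    puts(p);
    free(p);
    return 0;
}
```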
