Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-45873
HistoryNov 23, 2022 - 11:15 p.m.

CVE-2022-45873

2022-11-2323:15:10
Debian Security Bug Tracker
security-tracker.debian.org
15
cve-2022-45873
systemd 250
systemd 251
parse_elf_object
deadlock
crash
backtrace
exploitation methodology
deeply nested directory
maxconnections
systemd-coredump.socket
unix

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when MaxConnections=16 is set for the systemd/units/systemd-coredump.socket file.

Related

cbl_mariner 2
redhatcve 1
nessus 10
prion 1
cve 1
cvelist 1
nvd 1
veracode 1
osv 4
ubuntucve 1
redhat 2
oraclelinux 1
almalinux 1
openvas 2
gentoo 1
rocky 1
fedora 1
ubuntu 1
cloudfoundry 1
ics 1
cbl_mariner
cbl_mariner
CVE-2022-45873 affecting package systemd-bootstrap for versions less than 250.3-17
2024-03-19 17:21:46
CVE-2022-45873 affecting package systemd for versions less than 250.3-12
2023-01-03 20:57:29
redhatcve
redhatcve
CVE-2022-45873
2022-11-28 18:12:36
nessus
nessus
CBL Mariner 2.0 Security Update: systemd (CVE-2022-45873)
2023-03-20 00:00:00
RHEL 9 : systemd (RHSA-2023:0954)
2023-02-28 00:00:00
Rocky Linux 9 : systemd (RLSA-2023:0954)
2023-04-06 00:00:00
prion
prion
Design/Logic Flaw
2022-11-23 23:15:00
cve
cve
CVE-2022-45873
2022-11-23 23:15:10
cvelist
cvelist
CVE-2022-45873
2022-11-23 00:00:00
nvd
nvd
CVE-2022-45873
2022-11-23 23:15:10
veracode
veracode
Denial Of Service (DoS)
2022-11-25 04:31:41
osv
osv
CVE-2022-45873
2022-11-23 23:15:10
Moderate: systemd security update
2023-04-06 15:53:31
Moderate: systemd security update
2023-02-28 00:00:00
ubuntucve
ubuntucve
CVE-2022-45873
2022-11-23 00:00:00
redhat
redhat
(RHSA-2023:0954) Moderate: systemd security update
2023-02-28 07:53:01
(RHSA-2023:3742) Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
2023-06-21 15:20:50
oraclelinux
oraclelinux
systemd security update
2023-03-01 00:00:00
almalinux
almalinux
Moderate: systemd security update
2023-02-28 00:00:00
openvas
openvas
Fedora: Security Advisory for systemd (FEDORA-2022-ef4f57b072)
2022-12-31 00:00:00
Ubuntu: Security Advisory (USN-5928-1)
2023-03-07 00:00:00
gentoo
gentoo
systemd: Multiple Vulnerabilities
2024-05-04 00:00:00
rocky
rocky
systemd security update
2023-04-06 15:53:31
fedora
fedora
[SECURITY] Fedora 36 Update: systemd-250.9-1.fc36
2022-12-31 01:16:54
ubuntu
ubuntu
systemd vulnerabilities
2023-03-07 00:00:00
cloudfoundry
cloudfoundry
USN-5928-1: systemd vulnerabilities | Cloud Foundry
2023-04-20 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for DEBIANCVE:CVE-2022-45873
cbl_mariner2redhatcve1nessus10prion1cve1cvelist1nvd1veracode1osv4ubuntucve1redhat2oraclelinux1almalinux1openvas2gentoo1rocky1fedora1ubuntu1cloudfoundry1ics1