CVE-2021-33910 - Denial of Service (Stack Exhaustion) in systemd (PID 1)

Severity: Medium2021-08-19

Security Advisories

Abstract

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion 4.1 and older versionsMedium Oxygen Content Fusion 4.1.1 build 2021080611

Mitigation

None

Detail

CVE-2021-33910

Severity: Medium

CVSS Score: 5.5

The systemd package used by Oxygen Content Fusion software product is an affected version mentioned in CVE-2021-33910 vulnerability description.

Starting with version 4.1.1 build 2021080611, the systemd package was updated to version 245.4-4ubuntu3.11, which includes a fix for CVE-2021-33910.

List of Security Advisories