CVE-2021-33910
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-33910
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33910.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-33910
- Downstream
- Related
- Published
- 2021-07-20T19:15:09Z
- Modified
- 2025-10-31T08:16:59.392175Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
- References
-
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- http://www.openwall.com/lists/oss-security/2021/08/04/2
- http://www.openwall.com/lists/oss-security/2021/08/17/3
- http://www.openwall.com/lists/oss-security/2021/09/07/3
- https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
- https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
- https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
- https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
- https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
- https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
- https://security.gentoo.org/glsa/202107-48
- https://security.netapp.com/advisory/ntap-20211104-0008/
- https://www.debian.org/security/2021/dsa-4942
- https://www.openwall.com/lists/oss-security/2021/07/20/2
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
Affected packages
Git / github.com/systemd/systemd-stable
Affected ranges
- Type
- GIT
- Repo
- https://github.com/systemd/systemd-stable
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixed
Affected versions
Other
001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
033
034
035
036
037
038
039
040
042
043
044
045
046
047
048
049
050
051
052
053
054
055
056
057
058
059
060
061
062
064
174
175
176
177
178
179
180
181
182
systemd-v1
systemd-v10
systemd-v11
systemd-v12
systemd-v13
systemd-v14
systemd-v15
systemd-v16
systemd-v17
systemd-v18
systemd-v183
systemd-v184
systemd-v185
systemd-v186
systemd-v187
systemd-v188
systemd-v189
systemd-v19
systemd-v190
systemd-v191
systemd-v192
systemd-v193
systemd-v194
systemd-v195
systemd-v196
systemd-v2
systemd-v20
systemd-v21
systemd-v22
systemd-v23
systemd-v24
systemd-v25
systemd-v26
systemd-v27
systemd-v28
systemd-v29
systemd-v3
systemd-v30
systemd-v31
systemd-v32
systemd-v33
systemd-v34
systemd-v35
systemd-v36
systemd-v37
systemd-v38
systemd-v39
systemd-v4
systemd-v40
systemd-v41
systemd-v42
systemd-v43
systemd-v44
systemd-v5
systemd-v6
systemd-v7
systemd-v8
systemd-v9
udev-001
udev-002
udev-003
udev-004
udev-005
udev-006
udev-007
udev-008
udev-009
udev-010
udev-011
udev-012
udev-013
udev-014
udev-015
udev-016
udev-017
udev-018
udev-019
udev-020
udev-021
udev-022
udev-023
udev-024
udev-025
udev-026
udev-027
udev-028
udev-029
udev-030
udev-031
udev-032
udev-033
udev-034
udev-035
udev-036
udev-037
udev-038
udev-039
udev-040
udev-042
udev-043
udev-044
udev-045
udev-046
udev-047
udev-048
udev-049
udev-050
udev-051
udev-052
udev-053
udev-054
udev-055
udev-056
udev-057
udev-058
udev-059
udev-060
udev-061
udev-062
udev-064
udev-174
udev-175
udev-176
udev-177
udev-178
udev-179
udev-180
udev-181
udev-182
v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v183
v184
v185
v186
v187
v188
v189
v19
v190
v191
v192
v193
v194
v195
v196
v197
v198
v199
v2
v20
v200
v201
v202
v203
v204
v205
v206
v207
v208
v209
v21
v210
v211
v212
v213
v214
v215
v216
v217
v218
v219
v22
v220
v221
v222
v223
v224
v225
v226
v227
v228
v229
v23
v230
v231
v232
v233
v234
v235
v236
v237
v238
v239
v24
v240
v241
v241-rc1
v241-rc2
v242
v242-rc1
v242-rc2
v242-rc3
v242-rc4
v243
v243-rc1
v243-rc2
v244
v244-rc1
v245
v245-rc1
v245-rc2
v246
v246-rc1
v246-rc2
v247
v247-rc1
v247-rc2
v248
v248-2
v248-rc1
v248-rc2
v248-rc3
v248-rc4
v249
v249-rc1
v249-rc2
v249-rc3
v25
v26
v27
v28
v29
v3
v30
v31
v32
v33
v34
v35
v36
v37
v38
v39
v4
v40
v41
v42
v43
v44
v5
v6
v7
v8
v9
v243.*
v243.1
v246.*
v246.1
v246.10
v246.11
v246.12
v246.13
v246.14
v246.2
v246.3
v246.4
v246.5
v246.6
v246.7
v246.8
v246.9
v247.*
v247.1
v247.2
v247.3
v247.4
v247.5
v247.6
v247.7
v248.*
v248.1
v248.2
v248.3
v248.4
Database specific
vanir_signatures
[
{
"id": "CVE-2021-33910-1c3f15f3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"249353666783312831483115544398788369827",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
],
"threshold": 0.9
},
"source": "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce"
},
{
"id": "CVE-2021-33910-1e3e1f7c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/basic/unit-name.c",
"function": "unit_name_path_escape"
},
"digest": {
"function_hash": "238363963586981283236621004435380510899",
"length": 450.0
},
"source": "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b"
},
{
"id": "CVE-2021-33910-21c0842c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"301897454620019740996020042001306739526",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
],
"threshold": 0.9
},
"source": "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b"
},
{
"id": "CVE-2021-33910-4a17b63f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/basic/unit-name.c",
"function": "unit_name_path_escape"
},
"digest": {
"function_hash": "238363963586981283236621004435380510899",
"length": 450.0
},
"source": "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538"
},
{
"id": "CVE-2021-33910-971cdb97",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"301897454620019740996020042001306739526",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
],
"threshold": 0.9
},
"source": "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538"
},
{
"id": "CVE-2021-33910-a5efb150",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "src/basic/unit-name.c"
},
"digest": {
"line_hashes": [
"295455408269373134352364312047732468871",
"43586261161881030143337695540596514679",
"193731805681192560656540138140781207439",
"234345089565047727780801491425519835287",
"324375921830458711877362487278178510930",
"143913382226387268656648571449825118976",
"301897454620019740996020042001306739526",
"75084033152122151109689042536574316692",
"5644314769794058700180533724555806106",
"65128882235487803307668213270905731123",
"183803556583342230414319689882972533709",
"300206888555267011948129887929833603859",
"234953466923105676125704202346521834640"
],
"threshold": 0.9
},
"source": "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61"
},
{
"id": "CVE-2021-33910-fe84b142",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/basic/unit-name.c",
"function": "unit_name_path_escape"
},
"digest": {
"function_hash": "13991766979645080629156966034899221242",
"length": 442.0
},
"source": "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce"
},
{
"id": "CVE-2021-33910-ff8fa881",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "src/basic/unit-name.c",
"function": "unit_name_path_escape"
},
"digest": {
"function_hash": "238363963586981283236621004435380510899",
"length": 450.0
},
"source": "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61"
}
]
Git / github.com/systemd/systemd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/systemd/systemd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
033
034
035
036
037
038
039
040
042
043
044
045
046
047
048
049
050
051
052
053
054
055
056
057
058
059
060
061
062
064
174
175
176
177
178
179
180
181
182
v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v183
v184
v185
v186
v187
v188
v189
v19
v190
v191
v192
v193
v194
v195
v196
v197
v198
v199
v2
v20
v200
v201
v202
v203
v204
v205
v206
v207
v208
v209
v21
v210
v211
v212
v213
v214
v215
v216
v217
v218
v219
v22
v220
v221
v222
v223
v224
v225
v226
v227
v228
v229
v23
v230
v231
v232
v233
v234
v235
v236
v237
v238
v239
v24
v240
v241
v241-rc1
v241-rc2
v242
v242-rc1
v242-rc2
v242-rc3
v242-rc4
v243
v243-rc1
v243-rc2
v244
v244-rc1
v245
v245-rc1
v245-rc2
v246
v246-rc1
v246-rc2
v247
v247-rc1
v247-rc2
v248
v248-2
v248-rc1
v248-rc2
v248-rc3
v248-rc4
v249
v249-rc1
v249-rc2
v249-rc3
v25
v26
v27
v28
v29
v3
v30
v31
v32
v33
v34
v35
v36
v37
v38
v39
v4
v40
v41
v42
v43
v44
v5
v6
v7
v8
v9
v243.*
v243.1