Off-by-one Error

CVE-2022-3821

Medium

5.5/10

Summary

An off-by-one Error issue was discovered in Systemd in "format_timespan()" function of "time-util.c". An attacker could supply specific values for time and accuracy that leads to buffer overrun in "format_timespan()", leading to a Denial of Service. This issue affects versions prior to 252-rc1.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-193 - Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References

Advisory
Issue
Pull request
Issue

Advisory Timeline

Published Nov 08, 2022

Off-by-one Error

CVE-2022-3821

Summary

CWE-193 - Off-by-one Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS