CVE-2021-33910
Advisory lineage Upstream: 0 Downstream: 25
Modified
Published: 20 Jul 2021, 18:13
Last modified:09 Jun 2025, 15:44
Vulnerability Summary
Overall Risk (default)
medium
32/100 CVSS Score
5.5 MEDIUM
v3.1 (cve.org)
EPSS Score
0.05% LOW
0% probability -0.03%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected
Timeline
20 Jul 2021, 18:13
Published
Vulnerability first disclosed
09 Jun 2025, 15:44
Last Modified
Vulnerability information updated
Description
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C
EPSS Trends
Current EPSS score: 0.05%• Percentile: 17%
Techniques & Countermeasures
- CWE-770•Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Affected Systems
- debian•debian_linux
10.0
- fedoraproject•fedora
33 | 34
- netapp•hci_management_node
na
- netapp•solidfire
na
- systemd_project•systemd
< 246.15 | ≥ 247, < 247.8 | ≥ 248, < 248.5 | ≥ 249, < 249.1
References (17)
- https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
- https://www.openwall.com/lists/oss-security/2021/07/20/2
- https://security.gentoo.org/glsa/202107-48
- https://www.debian.org/security/2021/dsa-4942
- http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
- https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
- https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
- https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
- https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
- https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
- http://www.openwall.com/lists/oss-security/2021/08/04/2
- http://www.openwall.com/lists/oss-security/2021/08/17/3
- http://www.openwall.com/lists/oss-security/2021/09/07/3
- https://security.netapp.com/advisory/ntap-20211104-0008/
- https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf