CVE-2021-33910

Published: Jul 20, 2021Modified: Jun 9, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Affected (9)

Products: Systemd Project: Systemd · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Systemd Project: Systemd · Fedoraproject: Fedora · Debian: Debian Linux · Netapp: Hci Management Node, Solidfire

1 product

1 product

1 product

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Systemd Project Systemd	Before 246.15
Systemd Project Systemd	From 247 to 247.8
Systemd Project Systemd	From 248 to 248.5
Systemd Project Systemd	From 249 to 249.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (34)

http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2021/08/04/2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/08/17/3

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/09/07/3

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Source: cve@mitre.org

https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202107-48

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211104-0008/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-4942

Source: cve@mitre.org

Third Party Advisory

https://www.openwall.com/lists/oss-security/2021/07/20/2

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html