#VU66757 Use-after-free in systemd


Published: 2022-08-25

Vulnerability identifier: #VU66757

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2526

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
systemd
Server applications / Other server solutions

Vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send to the system specially crafted DNS responses, trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

systemd: 200 - 239

External links
http://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c
http://bugzilla.redhat.com/show_bug.cgi?id=2109926

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Netcool Operations Insight
Multiple vulnerabilities in Dell XtremIO X2
Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Multiple vulnerabilities in IBM Security Guardium
Multiple vulnerabilities in IBM Security Verify Bridge
Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite
Multiple vulnerabilities in IBM Security Verify Access
Multiple vulnerabilities in IBM QRadar Network Packet Capture