CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.1 | $0-$5k | 0.00 |
A vulnerability classified as problematic was found in systemd (version now known). Affected by this vulnerability is some unknown processing of the file /tmp. The manipulation with an unknown input leads to a recursion vulnerability. The CWE definition for the vulnerability is CWE-674. The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. As an impact it is known to affect availability. The summary by CVE is:
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
The weakness was presented 08/24/2022 as 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1. The advisory is shared at github.com. This vulnerability is known as CVE-2021-3997 since 11/22/2021. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1499 for this issue.
Applying the patch 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1 is able to eliminate this problem. The bugfix is ready for download at github.com.
Product
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.2VulDB Meta Temp Score: 5.1
VulDB Base Score: 4.9
VulDB Temp Score: 4.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: RecursionCWE: CWE-674 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
Timeline
11/22/2021 🔍08/24/2022 🔍
08/24/2022 🔍
09/25/2022 🔍
Sources
Advisory: 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1Status: Confirmed
CVE: CVE-2021-3997 (🔍)
Entry
Created: 08/24/2022 09:36Updated: 09/25/2022 09:57
Changes: 08/24/2022 09:36 (40), 09/25/2022 09:57 (11)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.