CVE-2021-33910

Public Exploit

Description

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Category

CVSS: 5.5
Severity: Medium
EPSS: 0.13%
Vendor advisories: gentoo.org, debian.org, fedoraproject.org, fedoraproject.org
Affected: n/a
Published at:
Updated at:

References

Link [Tags]
https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9 [third party advisory, patch]
https://www.openwall.com/lists/oss-security/2021/07/20/2 [mailing list, exploit, third party advisory]
https://security.gentoo.org/glsa/202107-48 [third party advisory, vendor advisory]
https://www.debian.org/security/2021/dsa-4942 [third party advisory, vendor advisory]
http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html [exploit, vdb entry, third party advisory]
https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b [third party advisory, patch]
https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61 [third party advisory, patch]
https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538 [third party advisory, patch]
https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b [third party advisory, patch]
https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce [third party advisory, patch]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/ [vendor advisory]
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/ [vendor advisory]
http://www.openwall.com/lists/oss-security/2021/08/04/2 [mailing list, third party advisory, patch]
http://www.openwall.com/lists/oss-security/2021/08/17/3 [mailing list, third party advisory, patch]
http://www.openwall.com/lists/oss-security/2021/09/07/3 [mailing list, third party advisory, patch]
https://security.netapp.com/advisory/ntap-20211104-0008/ [third party advisory]
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Frequently Asked Questions

What is the severity of CVE-2021-33910?
CVE-2021-33910 has been scored as a medium severity vulnerability.

How to fix CVE-2021-33910?
To fix CVE-2021-33910, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.

Is CVE-2021-33910 being actively exploited in the wild?
Based on public information, it is possible that CVE-2021-33910 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.