Integer overflow in Systemd_project Systemd

CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a hea…

Vulnerability class: Integer Overflow

EPSS: 0.037 (88.2th percentile) — read the EPSS interpretation.

Affected products

Systemd_project Systemd
Debian Debian_linux — versions 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
GLSA-201612-34 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Mailing List, Third Party Advisory, Issue Tracking)
DSA-2777 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
[oss-security] 20131001 Re: [CVE request] systemd (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch, Vendor Advisory)