PT-2022-4312 · Systemd+7 · Systemd+7

Published

2019-02-18

Updated

2024-04-04

CVE-2022-2526

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions systemd (affected versions not specified)

Description A use-after-free issue was found in systemd due to the on stream io() function and dns stream complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. This allows other functions and callbacks to dereference the DNSStream object, causing a use-after-free when the reference is still used later. The issue may be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:6206

ALT-PU-2019-1260

BDU:2022-05168

CESA-2022_6160

CESA-2022_6206

CVE-2022-2526

RHSA-2022:6160

RHSA-2022:6161

RHSA-2022:6162

RHSA-2022:6163

RHSA-2022:6206

RHSA-2022:6551

RHSA-2022_6160

RHSA-2022_6206

RLSA-2022:6206

USN-5583-1

USN-5583-2

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Red Os

Rocky Linux

Ubuntu

Systemd

PT-2022-4312 · Systemd+7 · Systemd+7

CVE-2022-2526

Weakness Enumeration

Related Identifiers

Affected Products

References · 37