CVE-2021-3997

EUVD-2021-27187
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
systemd_projectsystemd
240 ≤
𝑥
< 250.2
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
buster
ignored
sid
256.7-3
fixed
stretch
ignored
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
bionic
ignored
focal
Fixed 245.4-4ubuntu3.15
released
hirsute
Fixed 247.3-3ubuntu3.7
released
impish
Fixed 248.3-1ubuntu8.2
released
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2021-3997
https://bugzilla.redhat.com/show_bug.cgi?id=2024639
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
https://security.gentoo.org/glsa/202305-15
https://www.openwall.com/lists/oss-security/2022/01/10/2
https://access.redhat.com/security/cve/CVE-2021-3997
https://bugzilla.redhat.com/show_bug.cgi?id=2024639
https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
https://security.gentoo.org/glsa/202305-15
https://www.openwall.com/lists/oss-security/2022/01/10/2