{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-3997", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:16:02.914Z", "dateReserved": "2021-11-22T00:00:00", "datePublished": "2022-08-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp."}], "affected": [{"vendor": "n/a", "product": "systemd", "versions": [{"version": "Fixed in v251-rc1", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024639"}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/10/2"}, {"url": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3997"}, {"name": "GLSA-202305-15", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-15"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-674 - Uncontrolled Recursion", "cweId": "CWE-674"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:02.914Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024639", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2022/01/10/2", "tags": ["x_transferred"]}, {"url": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3997", "tags": ["x_transferred"]}, {"name": "GLSA-202305-15", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-15"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D5DB179-3322-4645-BF16-007AE6A8378D", "versionEndExcluding": "250.2", "versionStartIncluding": "240", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp."}, {"lang": "es", "value": "Se ha encontrado un fallo en systemd. Una recursi\u00f3n no controlada en systemd-tmpfiles puede conllevar a una denegaci\u00f3n de servicio en el momento del arranque cuando son creados demasiados directorios anidados en /tmp."}], "id": "CVE-2021-3997", "lastModified": "2024-11-21T06:23:20.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-23T20:15:08.670", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3997"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024639"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-15"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3997"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.", "bugzilla": {"description": "systemd: Uncontrolled recursion in systemd-tmpfiles when removing files", "id": "2024639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024639"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-674", "details": ["A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-3997", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "impact": "low", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3997\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3997\nhttps://www.openwall.com/lists/oss-security/2022/01/10/2"], "statement": "Red Hat Enterprise Linux 8 has a default 1024 nofile limit, thus preventing `systemd-tmpfiles` from exhausting its stack and crashing. For this reason, this flaw has been rated as having a security impact of Low on Red Hat Enterprise Linux 8. For more information on default ulimit values, please see https://access.redhat.com/solutions/4482841.\nThe systemd version of Red Hat Enterprise Linux 9 is not affected by this issue, as the fix was back ported to it when the systemd package was rebased for upstream's v250 version on RHBA-2022:3979.\nIn OpenShift Container Platform (OCP) systemd package was shipped with OCP 4.7 as a one-off instance and all the later OCP releases (4.8, 4.9) are using systemd from RHEL 8. Hence, the systemd package shipped with OCP 4.7 will not be fixed and the fix will be consumed from RHEL 8.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-674: Uncontrolled Recursion vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nInput validation controls ensure that inputs triggering recursion are validated to stay within safe limits, which reduces the risk of infinite or excessive recursion. The implementation of least functionality on the platform further restricts potential impacts of recursions by disabling unnecessary recursive functions or features, thus reducing the available pathways for a would-be attacker. The inclusion of developer testing and evaluation ensures that recursive functions are tested and that safeguards like error handling are in place. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation can limit impacts to a single process.", "threat_severity": "Moderate"}