CVE-2023-31437

ADVISORY - debian

Summary

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

systemd (unimportant) Disputed by upstream https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf

EPSS Score⁠: 0.00128 (0.331)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-354⁠

Improper Validation of Integrity Check Value

Impacted images

Advisories

Debian

CREATED

2 years ago

UPDATED

4 hours ago

ADVISORY IDCVE-2023-31437⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/systemd	deb	debian	12	>=252.36-1~deb12u1	Not yet available
debian/systemd	deb	debian	11	>=247.3-7+deb11u5	Not yet available
debian/systemd	deb	debian	13	>=257.7-1	Not yet available
debian/systemd	deb	debian	unstable	>=257.7-1	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

2 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2023-31437⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-354⁠

CVSS SCORE

5.3medium

Ubuntu

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-31437⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-5cpj-mmg6-5h3v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY