CVE-2023-31438
ADVISORY - debianSummary
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
- systemd (unimportant) Disputed by upstream https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
EPSS Score: 0.001 (0.285)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Validation of Integrity Check Value
Debian
CREATED
UPDATED
ADVISORY IDCVE-2023-31438
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alow| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/systemd | deb | debian | 12 | >=252.36-1~deb12u1 | Not yet available |
| debian/systemd | deb | debian | 13 | >=257.7-1 | Not yet available |
| debian/systemd | deb | debian | unstable | >=257.7-1 | Not yet available |
| debian/systemd | deb | debian | 11 | >=247.3-7+deb11u5 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-31438
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-31438
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.3mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-5c4g-h87q-qf2x
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-