CVE-2023-31439

ADVISORY - debian

Summary

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

systemd (unimportant) Disputed by upstream https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf

EPSS Score⁠: 0.00094 (0.274)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-354⁠

Improper Validation of Integrity Check Value

Impacted images

Advisories

Debian

CREATED

2 years ago

UPDATED

5 hours ago

ADVISORY IDCVE-2023-31439⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/systemd	deb	debian	12	>=252.36-1~deb12u1	Not yet available
debian/systemd	deb	debian	11	>=247.3-7+deb11u5	Not yet available
debian/systemd	deb	debian	unstable	>=257.7-1	Not yet available
debian/systemd	deb	debian	13	>=257.7-1	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2023-31439⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-354⁠

CVSS SCORE

5.3medium

Ubuntu

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2023-31439⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

Amazon

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY IDALAS2-2024-2636⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CGA-mhjv-hvjp-g2g6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY