CVE-2023-31437

Published: 6/13/2023 Last updated: 1/3/2025 Reserved: 4/28/2023

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.3	Medium	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Opam packages affected (2)

conf-libudev ocaml-systemd

Products affected (1)

Product	Vendor	Version
n/a	n/a	10.x before 10.1.1

References (6)

https://github.com/systemd/systemd/releases
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
https://github.com/kastel-security/Journald
https://github.com/systemd/systemd/releases
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
https://github.com/kastel-security/Journald