CVE-2023-31438

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-31438

CGA ID

CGA-5c4g-h87q-qf2x

Severity

Unknown

Description

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."

References

https://images.chainguard.dev/security/CGA-5c4g-h87q-qf2x
https://github.com/advisories/GHSA-m3qw-f5f6-m6r3
https://github.com/kastel-security/Journald
https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
https://github.com/systemd/systemd/pull/28886
https://github.com/systemd/systemd/releases
https://security-tracker.debian.org/tracker/CVE-2023-31438

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-31438

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources