CVE-2012-1101
CVE-2012-1101 is a medium-severity vulnerability in Systemd Project Systemd with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 5.5)
- CVSS v2: 2.1
- EPSS exploit prediction: 0% (32nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Systemd Project Systemd
- Published:
- Last modified:
Description
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
Frequently asked questions
- What is CVE-2012-1101?
- systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
- How severe is CVE-2012-1101?
- CVE-2012-1101 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2012-1101 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (32nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2012-1101?
- CVE-2012-1101 affects Systemd Project Systemd. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2012-1101?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2012-1101 published?
- CVE-2012-1101 was published on 2020-03-11 and last updated on 2026-06-16.
References
- http://www.openwall.com/lists/oss-security/2012/03/05/4
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662029
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1101
- https://cgit.freedesktop.org/systemd/systemd/commit/?id=9a46fc3b9014de1bf0ed1f3004a536b08a19ebb3
Affected products (1)
- cpe:2.3:a:systemd_project:systemd:37:*:*:*:*:*:*:*
More vulnerabilities in Systemd Project Systemd
- CVE-2022-2526 — Critical (CVSS 9.8): A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and…
- CVE-2018-21029 — Critical (CVSS 9.8): systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name…
- CVE-2015-7510 — Critical (CVSS 9.8): Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
- CVE-2017-1000082 — Critical (CVSS 9.8): systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the…
- CVE-2018-15688 — High (CVSS 8.8): A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory…
- CVE-2023-26604 — High (CVSS 7.8): systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible…