CVE-2019-3844

2025-08-04 08:44:25 +00:00 · 2019-04-26 16:09:43 +02:00 · 2019-04-26 16:09:43 +02:00 · 52216b47a6
commit 52216b47a6
parent bf9c21cfcc
1 changed files with 61 additions and 8 deletions
--- a/2019/3xxx/CVE-2019-3844.json
+++ b/2019/3xxx/CVE-2019-3844.json
@ -1,18 +1,71 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3844",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3844",
+        "ASSIGNER": "mrehak@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "[freedesktop.org]",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "systemd",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "242"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-268"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844",
+                "refsource": "CONFIRM"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "4.5/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}