CVE-2022-3821: 
NixOS vulnerability analysis and mitigation

An off-by-one error vulnerability was discovered in systemd's format_timespan() function of time-util.c (CVE-2022-3821). The vulnerability was reported on July 7, 2022, and affects systemd versions prior to 251.3. The issue allows an attacker to supply specific values for time and accuracy parameters that lead to a buffer overrun (NVD, Ubuntu).

The vulnerability exists in the formattimespan() function where n = MIN((sizet) k, l) can assign the buffer size l to n. Subsequently, p += n causes p to point to one byte after the buffer buf, leading to a buffer overwrite in *p=0. This represents an off-by-one error that could be triggered by providing specific time and accuracy values (GitHub Issue). The vulnerability has a CVSS v3.1 Base Score of 5.5 (Medium) with attack vector being Local, attack complexity Low, and privileges required Low (Ubuntu).

The successful exploitation of this vulnerability can lead to a Denial of Service (DoS) condition. When specific values for time and accuracy are supplied to the format_timespan() function, it results in a buffer overrun that could potentially crash the system (NVD).

The vulnerability was fixed in systemd version 251.3 through a patch that corrects the buffer handling in the formattimespan() function. The fix was implemented by changing n = MIN((sizet) k, l) to n = MIN((size_t) k, l-1) (GitHub PR). Users are advised to upgrade their systemd packages to version 251.3 or later to address this vulnerability (Gentoo).