CVE
CVE-2022-2526
| CVE ID |
CVE-2022-2526
|
|---|---|
| CVSS Score |
9.8
|
| Operating System | |
| Affected Versions |
CentOS 8
|
| Patched Versions |
239-51_ol001.el8_5.2
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-2526
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.