Memory Allocation Flaw in systemd-journald Affects Red Hat
CVE-2018-16864

7.4HIGH

Key Information:

Vendor: The Systemd Project
Status: Systemd
Vendor: CVE Published:; 11 January 2019

🔔 Create The Systemd Project Vulnerability Alert

What is CVE-2018-16864?

A critical memory allocation flaw exists in systemd-journald, which can lead to stack clashes when a program with excessively long command line arguments interacts with syslog. This vulnerability allows a local attacker to potentially crash systemd-journald and may enable privilege escalation. It affects all versions up to 240, making timely updates essential for users to safeguard their systems.

Affected Version(s)

systemd through v240

References

http://www.securityfocus.com/bid/106523

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2019:0342

vendor-advisoryx_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2019/01/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2019
Vulnerability Reserved
Sep 11, 2018

CVE-2018-16864 Data

JSON