Memory Allocation Vulnerability in systemd-journald by Red Hat
CVE-2018-16865

7.5HIGH

Key Information:

Vendor: The Systemd Project
Status: Systemd
Vendor: CVE Published:; 11 January 2019

🔔 Create The Systemd Project Vulnerability Alert

What is CVE-2018-16865?

A vulnerability in systemd-journald leads to unbounded memory allocation, potentially allowing a local or remote attacker (if using systemd-journal-remote) to crash the service or execute arbitrary code with its privileges. This issue arises when numerous entries are sent to the journal socket, causing stack conflicts with adjacent memory regions. Users are advised to update to safe versions to mitigate risks.

Affected Version(s)

systemd through v240

References

https://access.redhat.com/errata/RHSA-2019:0342

vendor-advisoryx_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2019/01/msg0...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/106525

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2019
Vulnerability Reserved
Sep 11, 2018

CVE-2018-16865 Data

JSON