Memory Leak Vulnerability in Red Hat Enterprise Linux Systemd
CVE-2019-3815

3.3LOW

Key Information:

Vendor: The Systemd Project
Status: Systemd
Vendor: CVE Published:; 28 January 2019

🔔 Create The Systemd Project Vulnerability Alert

What is CVE-2019-3815?

A memory leak has been identified in the Red Hat Enterprise Linux systemd component, specifically in the function dispatch_message_real() within journald-server.c. This vulnerability occurs when the memory allocated for storing the _CMDLINE= entry by set_iovec_field_free() is not freed. A local attacker can exploit this flaw, potentially leading to a crash of the systemd-journald service. This issue affects all versions shipped with Red Hat Enterprise Linux starting from v219-62.2.

Affected Version(s)

systemd v219-62.2 and newer

References

https://lists.debian.org/debian-lts-announce/2019/03/msg0...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/106632

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2019:0201

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2019
Vulnerability Reserved
Jan 3, 2019

CVE-2019-3815 Data

JSON