CVE-2018-16864 — HIGH (7.8)

Q: How severe is CVE-2018-16864?

CVE-2018-16864 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16864?

Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.

Vulnerability Description

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Systemd Project	Systemd	<= 240
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Server Eus	7.4
Redhat	Enterprise Linux Server Tus	7.3
Redhat	Enterprise Linux Workstation	7.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	16.04
Oracle	Communications Session Border Controller	8.0.0
Oracle	Enterprise Communications Broker	3.0.0

Related Weaknesses (CWE)

CWE-770

References

http://www.openwall.com/lists/oss-security/2021/07/20/2Mailing List
http://www.securityfocus.com/bid/106523Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHBA-2019:0327Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0049Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0204Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0271Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0342Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0361Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2402Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864Issue TrackingPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00016.htmlThird Party Advisory
https://security.gentoo.org/glsa/201903-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20190117-0001/Third Party Advisory
https://usn.ubuntu.com/3855-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4367Third Party Advisory

FAQ

What is CVE-2018-16864?

CVE-2018-16864 is a vulnerability with a CVSS score of 7.8 (HIGH). An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls sys...

How severe is CVE-2018-16864?

CVE-2018-16864 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16864?

Check the references section above for vendor advisories and patch information. Affected products include: Systemd Project Systemd, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.