CVE-2018-16864
Severity
7.8HIGH
EPSS
0.1%
top 65.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJan 11
Latest updateMay 13
Description
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 18.10, Enterprise Linux 7.3, 7.6, 7.4
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-h53q-m6g5-wfq9: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a↗2022-05-13
OSV▶
CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a↗2019-01-11
CVEList▶
CVE-2018-16864: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a↗2019-01-11
📋Vendor Advisories
5Microsoft▶
An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when a program with long command line arguments calls syslo↗2019-01-08
Debian▶
CVE-2018-16864: systemd - An allocation of memory without limits, that could result in the stack clashing ...↗2018
💬Community
3Bugzilla▶
CVE-2019-3815 systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864↗2019-01-16
Bugzilla▶
CVE-2018-16864 systemd: stack overflow when calling syslog from a command with long cmdline [fedora-all]↗2019-01-10
Bugzilla▶
CVE-2018-16864 systemd: stack overflow when calling syslog from a command with long cmdline↗2018-11-27