CVE-2018-16865

Severity
7.8 HIGH
EPSS
1.2%
top 20.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 11
Latest update: May 13

Description

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 8 packages

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 18.10, Enterprise Linux 7.3, 7.6, 7.5

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-cwf3-gffj-25fm: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when ma | 2022-05-13
OSV
CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when ma | 2019-01-11
CVEList
CVE-2018-16865: An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when ma | 2019-01-11
OSV
systemd vulnerabilities | 2019-01-11

📋 Vendor Advisories (4)

Ubuntu
systemd vulnerabilities | 2019-01-11
Red Hat
systemd: stack overflow when receiving many journald entries | 2019-01-09
Microsoft
An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when many entries are sent to the journal socket. A local a | 2019-01-08
Debian
CVE-2018-16865: systemd - An allocation of memory without limits, that could result in the stack clashing ... | 2018

💬 Community (2)

Bugzilla
CVE-2018-16865 systemd: stack overflow when receiving many journald entries [fedora-all] | 2019-01-10
Bugzilla
CVE-2018-16865 systemd: stack overflow when receiving many journald entries | 2018-11-27