CVE-2018-16866
Severity
3.3 LOW
EPSS
0.1%
top 81.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 11
Latest update: May 13
Description
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4
Affected Packages: 7 packages
Also affects: Debian Linux 9.0; Ubuntu Linux 16.04, 18.04, 18.10; Enterprise Linux 7.6, 7, 7.0, 7.4
Patches
Vulnerability Details (4)
GHSA
GHSA-jr8q-jw7m-4m3m: An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':' (2022-05-13)
CVEList
CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':' (2019-01-11)
OSV
CVE-2018-16866: An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':' (2019-01-11)
Vendor Advisories (4)
Microsoft
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions (2019-01-08)
Debian
CVE-2018-16866: systemd - An out of bounds read was discovered in systemd-journald in the way it parses lo... (2018)