CVE-2019-3815 — Missing Release of Memory after Effective Lifetime in Systemd Project Systemd

CWE-401 — Missing Release of Memory after Effective Lifetime6 documents6 sources

Severity

3.3LOWNVD

CNA7.8

EPSS

0.1%

top 68.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Systemd Project Systemd Debian Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedJan 28

Latest updateMay 13

Description

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

▶CVEListV5the_systemd_project/systemdv219-62.2 and newer

Also affects: Enterprise Linux 7.6, Debian Linux 8.0, Openshift Container Platform 3.11

🔴Vulnerability Details

GHSA

GHSA-c7jw-qwf7-gqxx: A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux↗2022-05-13

▶

CVEList

CVE-2019-3815: A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux↗2019-01-28

▶

📋Vendor Advisories

Red Hat

systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864↗2019-01-14

▶

Debian

CVE-2019-3815: systemd - A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red ...↗2019

▶

💬Community

Bugzilla

CVE-2019-3815 systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864↗2019-01-16

▶