CVE-2018-16864
systemd: stack overflow when calling syslog from a command with long cmdline
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
Se ha descubierto una asignación de memoria sin límites, que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando un programa con argumentos largos de la línea de comandos llama a syslog. Un atacante local podría emplear este error para provocar el cierre inesperado de systemd-journald o escalar sus privilegios. Son vulnerables las versiones hasta la v240.
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-09-11 CVE Reserved
- 2019-01-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/07/20/2 | Mailing List |
|
| http://www.securityfocus.com/bid/106523 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190117-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.qualys.com/2019/01/09/system-down/system-down.txt | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864 | 2023-02-13 | |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2019:0327 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0049 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0204 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0271 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0342 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0361 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:2402 | 2023-02-13 | |
| https://security.gentoo.org/glsa/201903-07 | 2023-02-13 | |
| https://usn.ubuntu.com/3855-1 | 2023-02-13 | |
| https://www.debian.org/security/2019/dsa-4367 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2018-16864 | 2019-08-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1653855 | 2019-08-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | <= 240 Search vendor "Systemd Project" for product "Systemd" and version " <= 240" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.0.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.1.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.2.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.0.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.1.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.1.0" | - |
Affected
| ||||||