CVE-2018-16865
systemd: stack overflow when receiving many journald entries
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
Se ha descubierto una asignación de memoria sin límites que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando se envían muchas entradas al socket de journal. Un atacante local, o uno remoto si se emplea systemd-journal-remote, podría emplear este error para provocar el cierre inesperado de systemd-journald o ejecutar código con privilegios de journald. Son vulnerables las versiones hasta la v240.
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.
An update that solves four vulnerabilities and has 7 fixes is now available. This update for systemd provides the following fixes. Fixed two memory corruptions through attacker-controlled allocas. Fixed an information leak in journald. Fixed mishandling of symlinks present in non-terminal path components to tty units VT. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. This update was imported from the SUSE:SLE-15:Update update project.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2018-09-11 CVE Reserved
- 2019-01-09 CVE Published
- 2019-05-13 First Exploit
- 2025-03-30 EPSS Updated
- 2025-06-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2019/May/21 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2019/05/10/4 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2021/07/20/2 | Mailing List |
|
| http://www.securityfocus.com/bid/106525 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/May/25 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190117-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/152841 | 2019-05-13 | |
| https://www.qualys.com/2019/01/09/system-down/system-down.txt | 2025-06-09 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865 | 2023-02-13 | |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2019:0327 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0049 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0204 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0271 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0342 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0361 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:2402 | 2023-02-13 | |
| https://security.gentoo.org/glsa/201903-07 | 2023-02-13 | |
| https://usn.ubuntu.com/3855-1 | 2023-02-13 | |
| https://www.debian.org/security/2019/dsa-4367 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2018-16865 | 2019-08-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1653861 | 2019-08-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | <= 240 Search vendor "Systemd Project" for product "Systemd" and version " <= 240" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.0.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.1.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.2.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.0.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.1.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.1.0" | - |
Affected
| ||||||