CVE-2018-16865
systemd: stack overflow when receiving many journald entries
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
Se ha descubierto una asignación de memoria sin límites que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando se envían muchas entradas al socket de journal. Un atacante local, o uno remoto si se emplea systemd-journal-remote, podría emplear este error para provocar el cierre inesperado de systemd-journald o ejecutar código con privilegios de journald. Son vulnerables las versiones hasta la v240.
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-09-11 CVE Reserved
- 2019-01-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2019/May/21 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2019/05/10/4 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2021/07/20/2 | Mailing List |
|
| http://www.securityfocus.com/bid/106525 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/May/25 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190117-0001 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.qualys.com/2019/01/09/system-down/system-down.txt | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865 | 2023-02-13 | |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2019:0327 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0049 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0204 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0271 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0342 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:0361 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2019:2402 | 2023-02-13 | |
| https://security.gentoo.org/glsa/201903-07 | 2023-02-13 | |
| https://usn.ubuntu.com/3855-1 | 2023-02-13 | |
| https://www.debian.org/security/2019/dsa-4367 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2018-16865 | 2019-08-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1653861 | 2019-08-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Systemd Project Search vendor "Systemd Project" | Systemd Search vendor "Systemd Project" for product "Systemd" | <= 240 Search vendor "Systemd Project" for product "Systemd" and version " <= 240" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.0.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.1.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.2.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.0.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.1.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.1.0" | - |
Affected
| ||||||