CVE-2018-16866

systemd: out-of-bounds read when parsing a crafted syslog message

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Se ha descubierto una lectura fuera de límites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos ":". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. Son vulnerables las versiones desde la v221 hasta la v239.

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.

An update that solves four vulnerabilities and has 7 fixes is now available. This update for systemd provides the following fixes. Fixed two memory corruptions through attacker-controlled allocas. Fixed an information leak in journald. Fixed mishandling of symlinks present in non-terminal path components to tty units VT. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. This update was imported from the SUSE:SLE-15:Update update project.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2018-09-11 CVE Reserved
2019-01-09 CVE Published
2019-05-13 First Exploit
2025-06-09 CVE Updated
2025-07-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-125: Out-of-bounds Read
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (17)

URL	Tag	Source
http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html	Third Party Advisory
http://seclists.org/fulldisclosure/2019/May/21	Mailing List
http://www.openwall.com/lists/oss-security/2019/05/10/4	Mailing List
http://www.securityfocus.com/bid/106527	Third Party Advisory
https://seclists.org/bugtraq/2019/May/25	Mailing List
https://security.netapp.com/advisory/ntap-20190117-0001	Third Party Advisory

URL	Date	SRC
https://packetstorm.news/files/id/152841	2019-05-13
https://www.qualys.com/2019/01/09/system-down/system-down.txt	2025-06-09

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866	2023-02-13

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:2091	2023-02-13
https://access.redhat.com/errata/RHSA-2019:3222	2023-02-13
https://access.redhat.com/errata/RHSA-2020:0593	2023-02-13
https://security.gentoo.org/glsa/201903-07	2023-02-13
https://usn.ubuntu.com/3855-1	2023-02-13
https://www.debian.org/security/2019/dsa-4367	2023-02-13
https://access.redhat.com/security/cve/CVE-2018-16866	2020-04-01
https://bugzilla.redhat.com/show_bug.cgi?id=1653867	2020-04-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Systemd Project Search vendor "Systemd Project"		Systemd Search vendor "Systemd Project" for product "Systemd"				>= 221 <= 239 Search vendor "Systemd Project" for product "Systemd" and version " >= 221 <= 239"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Performance Analytics Services Search vendor "Netapp" for product "Active Iq Performance Analytics Services"				-		-		Affected
Netapp Search vendor "Netapp"		Element Software Search vendor "Netapp" for product "Element Software"				*		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.6 Search vendor "Redhat" for product "Enterprise Linux" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Compute Node Eus Search vendor "Redhat" for product "Enterprise Linux Compute Node Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Compute Node Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems \(structure A\) Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems \(structure A\)"				7_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems \(structure A\)" and version "7_s390x"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Big Endian Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian"				7.0 Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Big Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"				7.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Scientific Computing Search vendor "Redhat" for product "Enterprise Linux For Scientific Computing"				7.0 Search vendor "Redhat" for product "Enterprise Linux For Scientific Computing" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"				7.4 Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "7.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected