Vulnerability Details : CVE-2018-16865
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2018-16865
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-16865
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
Red Hat, Inc. |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-16865
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2018-16865
-
http://seclists.org/fulldisclosure/2019/May/21
Full Disclosure: Re: System Down: A systemd-journald exploitMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2019/05/10/4
oss-security - Re: System Down: A systemd-journald exploitMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0361
RHSA-2019:0361 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html
[SECURITY] [DLA 1639-1] systemd security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3855-1/
USN-3855-1: systemd vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHBA-2019:0327
RHBA-2019:0327 - Bug Fix Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/106525
systemd-journald CVE-2018-16865 Stack Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://seclists.org/bugtraq/2019/May/25
Bugtraq: Re: System Down: A systemd-journald exploitMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20190117-0001/
January 2019 Systemd-journald Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Oracle Critical Patch Update - April 2019Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0049
RHSA-2019:0049 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0271
RHSA-2019:0271 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/07/20/2
oss-security - CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1)Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
System Down: A systemd-journald Exploit ≈ Packet StormThird Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865
1653861 – (CVE-2018-16865) CVE-2018-16865 systemd: stack overflow when receiving many journald entriesIssue Tracking;Patch
-
https://access.redhat.com/errata/RHSA-2019:2402
RHSA-2019:2402 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.debian.org/security/2019/dsa-4367
Debian -- Security Information -- DSA-4367-1 systemdThird Party Advisory
-
https://security.gentoo.org/glsa/201903-07
systemd: Multiple vulnerabilities (GLSA 201903-07) — Gentoo securityThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0342
RHSA-2019:0342 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Exploit;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:0204
RHSA-2019:0204 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Products affected by CVE-2018-16865
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*