CVE-2018-16866

Name
CVE-2018-16866
Description
An out-of-bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
NVD Severity
low

References

Type URI
Exploit https://www.qualys.com/2019/01/09/system-down/system-down.txt
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866
Third Party Advisory https://usn.ubuntu.com/3855-1/
Third Party Advisory http://www.securityfocus.com/bid/106527
Third Party Advisory https://www.debian.org/security/2019/dsa-4367
Third Party Advisory https://security.netapp.com/advisory/ntap-20190117-0001/
Third Party Advisory https://security.gentoo.org/glsa/201903-07
MLIST http://www.openwall.com/lists/oss-security/2019/05/10/4
BUGTRAQ https://seclists.org/bugtraq/2019/May/25
MISC http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
FULLDISC http://seclists.org/fulldisclosure/2019/May/21
REDHAT https://access.redhat.com/errata/RHSA-2019:2091
REDHAT https://access.redhat.com/errata/RHSA-2019:3222
REDHAT https://access.redhat.com/errata/RHSA-2020:0593

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:* systemd >= 221 <= 239

Vulnerable and fixed packages

Source package Branch Version Maintainer Status