CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Link	Resource
https://www.qualys.com/2019/01/09/system-down/system-down.txt	Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866	Issue Tracking Patch
https://usn.ubuntu.com/3855-1/	Third Party Advisory
http://www.securityfocus.com/bid/106527	Third Party Advisory VDB Entry
https://www.debian.org/security/2019/dsa-4367	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190117-0001/	Third Party Advisory
https://security.gentoo.org/glsa/201903-07	Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/05/10/4	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/May/25	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/May/21	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2091	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3222	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0593	Third Party Advisory

Configuration 1

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_(structure_a):7_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:*

---

Published : 2019-01-11 07:29

Updated : 2023-02-13 04:52

---

NVD link : CVE-2018-16866

Mitre link : CVE-2018-16866

No products.

CWE-125

Out-of-bounds Read

CWE-200