Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-16864

Опубликовано: 11 янв. 2019
Источник: debian

Описание

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
systemdfixed240-4package

Примечания

  • Introduced in: https://github.com/systemd/systemd/commit/ae018d9bc900d6355dea4af05119b49c67945184 (v203)

  • Exploitable since: https://github.com/systemd/systemd/commit/ac2e41f5103ce2c679089c4f8fb6be61d7caec07 (v230)

  • Fixed by: https://github.com/systemd/systemd/commit/084eeb865ca63887098e0945fb4e93c852b91b0f

  • Fixes for master: https://github.com/systemd/systemd/pull/11374

  • https://www.openwall.com/lists/oss-security/2019/01/09/3

  • https://www.qualys.com/2019/01/09/system-down/system-down.txt

Связанные уязвимости

ubuntu логотип

CVE-2018-16864

CVSS3: 7.8
ubuntu
больше 6 лет назад

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

redhat логотип

CVE-2018-16864

CVSS3: 7.4
redhat
больше 6 лет назад

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

nvd логотип

CVE-2018-16864

CVSS3: 7.8
nvd
больше 6 лет назад

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

msrc логотип

CVE-2018-16864

CVSS3: 7.8
msrc
около 5 лет назад

Описание отсутствует

github логотип

GHSA-h53q-m6g5-wfq9

CVSS3: 7.8
github
больше 3 лет назад

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.