Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-16866

Опубликовано: 11 янв. 2019
Источник: nvd
CVSS3: 4.3
CVSS3: 3.3
CVSS2: 2.1
EPSS Низкий

Описание

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
Версия от 221 (включая) до 239 (включая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:*:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\(structure_a\):7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 28%
0.001
Низкий

4.3 Medium

CVSS3

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2018-16866

CVSS3: 3.3
ubuntu
больше 6 лет назад

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

redhat логотип

CVE-2018-16866

CVSS3: 4.3
redhat
больше 6 лет назад

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

msrc логотип

CVE-2018-16866

CVSS3: 3.3
msrc
около 5 лет назад

Описание отсутствует

debian логотип

CVE-2018-16866

CVSS3: 3.3
debian
больше 6 лет назад

An out of bounds read was discovered in systemd-journald in the way it ...

github логотип

GHSA-jr8q-jw7m-4m3m

CVSS3: 3.3
github
больше 3 лет назад

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

EPSS

Процентиль: 28%
0.001
Низкий

4.3 Medium

CVSS3

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125
CWE-125