CVE-2018-16866 - Vulncode-DB

CVE-2018-16866 (NVD)

2019-01-11

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Products	Ubuntu_linux, Debian_linux, Active_iq_performance_analytics_services, Element_software, Enterprise_linux, Enterprise_linux_compute_node_eus, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems_\(Structure_a\), Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_workstation, Systemd
Type	Information Exposure (CWE-200) Out-of-bounds Read (CWE-125)
First patch	- None (likely due to unavailable code)
Links	• https://security.netapp.com/advisory/ntap-20190117-0001/ • https://www.debian.org/security/2019/dsa-4367 • http://seclists.org/fulldisclosure/2019/May/21 • https://usn.ubuntu.com/3855-1/ • http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html More/Less (9) • https://access.redhat.com/errata/RHSA-2020:0593 • https://security.gentoo.org/glsa/201903-07 • http://www.openwall.com/lists/oss-security/2019/05/10/4 • https://seclists.org/bugtraq/2019/May/25 • http://www.securityfocus.com/bid/106527 • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866 • https://access.redhat.com/errata/RHSA-2019:3222 • https://access.redhat.com/errata/RHSA-2019:2091 • https://www.qualys.com/2019/01/09/system-down/system-down.txt