CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*

History

13 Feb 2023, 04:51

Type Values Removed Values Added
Summary An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges. An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2018-16864', 'name': 'https://access.redhat.com/security/cve/CVE-2018-16864', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1653855', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1653855', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 21:18

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2018-16864 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1653855 -
Summary An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.

31 Jan 2022, 18:31

Type Values Removed Values Added
CPE cpe:2.3:a:freedesktop:systemd:*:*:*:*:*:*:*:* cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*
First Time Systemd Project
Systemd Project systemd
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/07/20/2 - Mailing List

Information

Published : 2019-01-11 20:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-16864

Mitre link : CVE-2018-16864

CVE.ORG link : CVE-2018-16864


JSON object : View

Products Affected

redhat

  • enterprise_linux_server_tus
  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_server_aus
  • enterprise_linux_server_eus

systemd_project

  • systemd

oracle

  • communications_session_border_controller
  • enterprise_communications_broker

debian

  • debian_linux

canonical

  • ubuntu_linux
CWE
CWE-770

Allocation of Resources Without Limits or Throttling