An out-of-bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
History
13 Feb 2023, 04:52
Type | Values Removed | Values Added |
---|---|---|
Summary | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. | |
CWE | CWE-200 | |
References | |
02 Feb 2023, 16:18
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. |
20 Feb 2022, 06:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\(structure_a\):7_s390x:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:* |
|
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/May/25 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/05/10/4 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2019/May/21 - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0593 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3222 - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html - Third Party Advisory, VDB Entry | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2091 - Third Party Advisory | |
First Time | Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Compute Node Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux For Power Big Endian Eus Redhat enterprise Linux Desktop Redhat enterprise Linux Server Redhat enterprise Linux Server Tus Redhat enterprise Linux For Ibm Z Systems \(structure A\) Redhat enterprise Linux Workstation Redhat enterprise Linux Server Aus Redhat enterprise Linux Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat Redhat enterprise Linux For Scientific Computing |
28 Jan 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
First Time | Systemd Project Systemd Project systemd | |
CPE | cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:* |
Information
Published : 2019-01-11 19:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-16866
Mitre link : CVE-2018-16866
CVE.ORG link : CVE-2018-16866
Products Affected
redhat
- enterprise_linux_for_ibm_z_systems_\(structure_a\)
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_for_scientific_computing
- enterprise_linux_for_power_big_endian_eus
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_compute_node_eus
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_power_big_endian
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_server_update_services_for_sap_solutions
debian
- debian_linux
netapp
- element_software
- active_iq_performance_analytics_services
systemd_project
- systemd
canonical
- ubuntu_linux