CVE-2018-16865

Publication date 11 January 2019

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

7.8 · High

Score breakdown

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

Status

Package Ubuntu Release Status
systemd 18.10 cosmic
Fixed 239-7ubuntu10.6
18.04 LTS bionic
Fixed 237-3ubuntu10.11
16.04 LTS xenial
Fixed 229-4ubuntu21.15
14.04 LTS trusty
Not affected

Severity score breakdown

Parameter Value
Base score 7.8 · High
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3855-1
    • systemd vulnerabilities
    • 11 January 2019

Other references