CVE-2018-16866

Publication date 11 January 2019

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

3.3 · Low


An out-of-bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Status

Package   Ubuntu Release     Status
systemd   18.10 cosmic       Fixed 239-7ubuntu10.6
systemd   18.04 LTS bionic   Fixed 237-3ubuntu10.11
systemd   16.04 LTS xenial   Fixed 229-4ubuntu21.15
systemd   14.04 LTS trusty   Not affected

Severity score breakdown

Parameter             Value
Base score            3.3 · Low
Attack vector         Local
Attack complexity     Low
Privileges required   Low
User interaction      None
Scope                 Unchanged
Confidentiality       Low
Integrity impact      None
Availability impact   None
Vector                CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-3855-1: systemd vulnerabilities (11 January 2019)

Other references