Out-of-bounds Read

Affecting systemd package, versions <232-25+deb9u7


Overview

An out-of-bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

References

CVSS Score

3.3 (low severity)
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE: CVE-2018-16866
CWE: CWE-125, CWE-200
Snyk ID: SNYK-DEBIAN9-SYSTEMD-305058
Disclosed: 11 Jan, 2019
Published: 11 Jan, 2019