Allocation of Resources Without Limits or Throttling
Affecting systemd package, versions <232-25+deb9u7
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.
References
- Bugtraq Mailing List
- Debian Security Advisory
- Debian Security Announcement
- Debian Security Tracker
- Gentoo Security Advisory
- MISC
- MISC
- Netapp Security Advisory
- OSS security Advisory
- Oracle Security Advisory
- REDHAT
- RHSA Security Advisory
- RHSA Security Advisory
- RHSA Security Advisory
- RHSA Security Advisory
- RHSA Security Advisory
- RHSA Security Advisory
- RedHat Bugzilla Bug
- Seclists Full Disclosure
- Security Focus
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
CVSS Score
7.8
high severity
-
Attack VectorLocal
-
Attack ComplexityLow
-
Privileges RequiredLow
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- CVE
- CVE-2018-16865
- CWE
- CWE-770
- Snyk ID
- SNYK-DEBIAN9-SYSTEMD-305103
- Disclosed
- 11 Jan, 2019
- Published
- 11 Jan, 2019