Memory Leak in systemd

Do your applications use this vulnerable package? Test your applications

Overview

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

References

Debian Security Announcement
Debian Security Tracker
REDHAT
RHSA Security Advisory
RedHat Bugzilla Bug
Security Focus

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

Low

CVE: CVE-2019-3815
CWE: CWE-401
Snyk ID: SNYK-DEBIAN9-SYSTEMD-305184
Disclosed: 28 Jan, 2019
Published: 18 Jan, 2019

Memory Leak
Affecting systemd package, versions <232-25+deb9u8

Overview

References

CVSS Score

Memory Leak Affecting systemd package, versions <232-25+deb9u8

Overview

References

Memory Leak
Affecting systemd package, versions <232-25+deb9u8