CVE-2018-16864 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7.4 HIGH	LOCAL	HIGH	NONE	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 42%

Vendor	Product	Version
systemd_project	systemd	𝑥 ≤ 240
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server	7.4
redhat	enterprise_linux_server	7.5
redhat	enterprise_linux_server	7.6
redhat	enterprise_linux_server_aus	7.3
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_eus	7.4
redhat	enterprise_linux_server_eus	7.6
redhat	enterprise_linux_server_tus	7.3
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_workstation	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
oracle	communications_session_border_controller	8.0.0
oracle	communications_session_border_controller	8.1.0
oracle	communications_session_border_controller	8.2.0
oracle	enterprise_communications_broker	3.0.0
oracle	enterprise_communications_broker	3.1.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

systemd

bullseye	247.3-7+deb11u5 fixed
bullseye (security)	247.3-7+deb11u6 fixed
bookworm	252.30-1~deb12u2 fixed
sid	256.7-3 fixed
trixie	256.7-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

systemd

cosmic	Fixed 239-7ubuntu10.6 released
bionic	Fixed 237-3ubuntu10.11 released
xenial	Fixed 229-4ubuntu21.15 released
trusty	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

http://www.openwall.com/lists/oss-security/2021/07/20/2

http://www.securityfocus.com/bid/106523

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2019:0049

https://access.redhat.com/errata/RHSA-2019:0204

https://access.redhat.com/errata/RHSA-2019:0271

https://access.redhat.com/errata/RHSA-2019:0342

https://access.redhat.com/errata/RHSA-2019:0361

https://access.redhat.com/errata/RHSA-2019:2402

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864

https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html

https://security.gentoo.org/glsa/201903-07

https://security.netapp.com/advisory/ntap-20190117-0001/

https://usn.ubuntu.com/3855-1/

https://www.debian.org/security/2019/dsa-4367

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.qualys.com/2019/01/09/system-down/system-down.txt

http://www.openwall.com/lists/oss-security/2021/07/20/2

http://www.securityfocus.com/bid/106523

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2019:0049

https://access.redhat.com/errata/RHSA-2019:0204

https://access.redhat.com/errata/RHSA-2019:0271

https://access.redhat.com/errata/RHSA-2019:0342

https://access.redhat.com/errata/RHSA-2019:0361

https://access.redhat.com/errata/RHSA-2019:2402

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864

https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html

https://security.gentoo.org/glsa/201903-07

https://security.netapp.com/advisory/ntap-20190117-0001/

https://usn.ubuntu.com/3855-1/

https://www.debian.org/security/2019/dsa-4367

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.qualys.com/2019/01/09/system-down/system-down.txt