CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
systemd_projectsystemd
221 ≤
𝑥
≤ 239
debiandebian_linux
9.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
netappactive_iq_performance_analytics_services
-
netappelement_software
*
redhatenterprise_linux
7.6
redhatenterprise_linux_compute_node_eus
7.6
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_for_ibm_z_systems_eus
7.6
redhatenterprise_linux_for_power_big_endian
7.0
redhatenterprise_linux_for_power_big_endian_eus
7.6
redhatenterprise_linux_for_power_little_endian
7.0
redhatenterprise_linux_for_power_little_endian_eus
7.6
redhatenterprise_linux_for_scientific_computing
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
7.4
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
7.6
redhatenterprise_linux_server_tus
7.4
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_update_services_for_sap_solutions
7.4
redhatenterprise_linux_server_update_services_for_sap_solutions
7.6
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bookworm
252.30-1~deb12u2
fixed
bullseye
247.3-7+deb11u5
fixed
bullseye (security)
247.3-7+deb11u6
fixed
jessie
not-affected
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
bionic
Fixed 237-3ubuntu10.11
released
cosmic
Fixed 239-7ubuntu10.6
released
trusty
not-affected
xenial
Fixed 229-4ubuntu21.15
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsystemd0-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
libsystemd0-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
libsystemd0-32bit-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
libsystemd0-32bit-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
libudev-devel-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
libudev1-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
libudev1-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
libudev1-32bit-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
libudev1-32bit-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
systemd-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-32bit-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
systemd-32bit-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-bash-completion-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
systemd-bash-completion-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-container-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-coredump-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-devel-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
systemd-sysvinit-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
systemd-sysvinit-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
udev-228
suse enterprise sap 12 SP3
150.58.1
fixed
suse enterprise sap 12 SP4
150.58.1
fixed
suse enterprise server 12 SP2
150.58.1
fixed
suse enterprise server 12 SP3
150.58.1
fixed
suse enterprise server 12 SP4
150.58.1
fixed
udev-234
suse enterprise desktop 15
24.20.1
fixed
suse enterprise desktop 15 SP1
24.20.1
fixed
suse enterprise desktop 15 SP2
24.20.1
fixed
suse enterprise sap 15
24.20.1
fixed
suse enterprise sap 15 SP1
24.20.1
fixed
suse enterprise sap 15 SP2
24.20.1
fixed
suse enterprise server 15
24.20.1
fixed
suse enterprise server 15 SP1
24.20.1
fixed
suse enterprise server 15 SP2
24.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libgudev1
RHEL 7
0:219-67.el7
fixed
libgudev1-devel
RHEL 7
0:219-67.el7
fixed
systemd
RHEL 7
0:219-67.el7
fixed
systemd-devel
RHEL 7
0:219-67.el7
fixed
systemd-journal-gateway
RHEL 7
0:219-67.el7
fixed
systemd-libs
RHEL 7
0:219-67.el7
fixed
systemd-networkd
RHEL 7
0:219-67.el7
fixed
systemd-python
RHEL 7
0:219-67.el7
fixed
systemd-resolved
RHEL 7
0:219-67.el7
fixed
systemd-sysv
RHEL 7
0:219-67.el7
fixed
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
http://seclists.org/fulldisclosure/2019/May/21
http://www.openwall.com/lists/oss-security/2019/05/10/4
http://www.securityfocus.com/bid/106527
https://access.redhat.com/errata/RHSA-2019:2091
https://access.redhat.com/errata/RHSA-2019:3222
https://access.redhat.com/errata/RHSA-2020:0593
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866
https://seclists.org/bugtraq/2019/May/25
https://security.gentoo.org/glsa/201903-07
https://security.netapp.com/advisory/ntap-20190117-0001/
https://usn.ubuntu.com/3855-1/
https://www.debian.org/security/2019/dsa-4367
https://www.qualys.com/2019/01/09/system-down/system-down.txt
http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
http://seclists.org/fulldisclosure/2019/May/21
http://www.openwall.com/lists/oss-security/2019/05/10/4
http://www.securityfocus.com/bid/106527
https://access.redhat.com/errata/RHSA-2019:2091
https://access.redhat.com/errata/RHSA-2019:3222
https://access.redhat.com/errata/RHSA-2020:0593
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866
https://seclists.org/bugtraq/2019/May/25
https://security.gentoo.org/glsa/201903-07
https://security.netapp.com/advisory/ntap-20190117-0001/
https://usn.ubuntu.com/3855-1/
https://www.debian.org/security/2019/dsa-4367
https://www.qualys.com/2019/01/09/system-down/system-down.txt