CVE-2018-16864

Published: 11 January 2019

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (237-3ubuntu10.11)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (229-4ubuntu21.15)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not built)