CVE-2018-16865

Published: 11 January 2019

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (237-3ubuntu10.11)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (229-4ubuntu21.15)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not built)