CVE-2018-16866

Published: 11 January 2019

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Priority

Medium

CVSS 3 base score: 3.3

Status

Package Release Status
systemd
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (237-3ubuntu10.11)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (229-4ubuntu21.15)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not built)