CVE-2018-16866

Impact:
Moderate
Public Date:
2019-01-09
Bugzilla:
1653867: CVE-2018-16866 systemd: out-of-bounds read when parsing a crafted syslog message
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.

Find out more about CVE-2018-16866 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Red Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.

Red Hat Virtualization 4:
This vulnerability has been rated as having a security impact of Moderate. After evaluation and in accordance with the criteria noted in the product support life cycle, there are no plans to address this issue in an upcoming release. Please contact Red Hat Support for further information.

CVSS v3 metrics

CVSS3 Base Score 4.3
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact None
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (systemd) RHSA-2019:2091 2019-08-06

Affected Packages State

Platform Package State
Red Hat Virtualization 4 rhvm-appliance Will not fix
Red Hat Virtualization 4 redhat-virtualization-host Will not fix
Red Hat Enterprise Linux 8 systemd Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Qualys Research Labs for reporting this issue.

External References

Last Modified