systemd-journald CVE-2018-16865 Stack Buffer Overflow Vulnerability

Bugtraq ID:	106525
Class:	Boundary Condition Error
CVE:	CVE-2018-16865
Remote:	Yes
Local:	No
Published:	Jan 09 2019 12:00AM
Updated:	Jan 09 2019 12:00AM
Credit:	Qualys Research Labs
Vulnerable:	systemd systemd 0 Redhat Virtualization 4 Redhat Enterprise Linux 7
Not Vulnerable:

systemd-journald CVE-2018-16865 Stack Buffer Overflow Vulnerability

systemd is prone to a stack-based buffer overflow vulnerability.

Successfully exploiting this vulnerability can allow remote attackers to execute arbitrary code in the context of the application. Failed attempts will likely result in denial-of-service conditions.

systemd-journald CVE-2018-16865 Stack Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

systemd-journald CVE-2018-16865 Stack Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

systemd-journald CVE-2018-16865 Stack Buffer Overflow Vulnerability

References:

• systemd Package (freedesktop.org)
  
• journal-remote: set a limit on the number of fields in a message (Github)
  
• journald: set a limit on the number of fields (1k) (Github)
  
• Bug 1653861 (CVE-2018-16865) - CVE-2018-16865 systemd: stack overflow when recei (Red Hat Bugzilla)
  
• CVE-2018-16865 (Red Hat)