CVE-2018-16866

Summary

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Affected Software

VendorProductVersion RangeStatus
The systemd Projectsystemdfrom v221 to v239affected

Weaknesses

  • CWE-125: CWE-125
  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References