4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.1%
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
[
{
"product": "systemd",
"vendor": "The systemd Project",
"versions": [
{
"status": "affected",
"version": "from v221 to v239"
}
]
}
]
packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
seclists.org/fulldisclosure/2019/May/21
www.openwall.com/lists/oss-security/2019/05/10/4
www.securityfocus.com/bid/106527
access.redhat.com/errata/RHSA-2019:2091
access.redhat.com/errata/RHSA-2019:3222
access.redhat.com/errata/RHSA-2020:0593
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866
seclists.org/bugtraq/2019/May/25
security.gentoo.org/glsa/201903-07
security.netapp.com/advisory/ntap-20190117-0001/
usn.ubuntu.com/3855-1/
www.debian.org/security/2019/dsa-4367
www.qualys.com/2019/01/09/system-down/system-down.txt
4.3 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.1%