An allocation of memory without limits that could result in the stack clashing with another memory region was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

🗓️ 18 Aug 2020 07:00:00Reported by MicrosoftType

Unbounded memory use in systemd-journald from long command lines calling syslog; may crash or escalate privileges.

Reporter	Title	Published	Views	Family All 163
0day.today	systemd-journald Memory Corruption / Information Leak Vulnerability	11 Jan 201900:00	–	zdt
IBM Security Bulletins	Security Bulletin: Vulnerabiliies in systemd affect PowerKVM	4 Mar 201905:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Advanced Cloud Paks are vulnerable to multiple issues with in the Systemd package (CVE-2018-16866 CVE-2018-16864 CVE-2018-16865)	8 Feb 201923:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-v	18 Apr 201916:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-3815)	29 Jan 202016:31	–	ibm
ALT Linux	Security fix for the ALT Linux 9 package systemd version 1:240-alt3	8 Jan 201900:00	–	altlinux
Tenable Nessus	Amazon Linux 2 : systemd (ALAS-2019-1141)	10 Jan 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : systemd (ALAS-2019-1160)	14 Feb 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : systemd (ALAS-2021-1643) (deprecated)	24 May 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : systemd, --advisory ALAS2-2021-1647 (ALAS-2021-1647)	24 Jun 202100:00	–	nessus