2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.1%
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ‘:’. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.
packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html
seclists.org/fulldisclosure/2019/May/21
www.openwall.com/lists/oss-security/2019/05/10/4
www.securityfocus.com/bid/106527
access.redhat.com/errata/RHSA-2019:2091
access.redhat.com/errata/RHSA-2019:3222
access.redhat.com/errata/RHSA-2020:0593
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866
seclists.org/bugtraq/2019/May/25
security.gentoo.org/glsa/201903-07
security.netapp.com/advisory/ntap-20190117-0001/
usn.ubuntu.com/3855-1/
www.debian.org/security/2019/dsa-4367
www.qualys.com/2019/01/09/system-down/system-down.txt
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.1%