6 matches found
CVE-2019-6454
CVE-2019-6454 affects systemd’s bus_process_object() which allocates a large stack buffer for the object path in D-Bus messages. A locally unprivileged user can send a crafted message to PID1, causing the stack pointer to jump past guard pages and crash systemd PID1, potentially triggering a kern...
CVE-2018-15688
CVE-2018-15688 is a buffer/heap overwrite in the dhcpv6 option handling of systemd-networkd (systemd up to 239). A malicious DHCPv6 server on the same network could trigger an out-of-bounds write, potentially causing a Denial of Service or code execution. Affected products include systemd with ve...
CVE-2018-16866
CVE-2018-16866 is a systemd-journald out-of-bounds read vulnerability. The flaw arises in how journald parses log messages that terminate with a colon, allowing a local attacker to disclose process memory data. Affected versions are reported as v221–v239. Public advisories and vendor notes (e.g.,...
CVE-2018-15686
CVE-2018-15686 affects systemd up to version 239, where unit_deserialize can be manipulated via NotifyAccess to inject arbitrary state across re-execution, potentially enabling root privilege escalation. Exploitation has been demonstrated (e.g., exploit-db link in references). Remediation is to u...
CVE-2018-21029
CVE-2018-21029 affects systemd 239–245, where DNS over TLS accepts any CA-signed certificate because hostname validation is not performed with the GnuTLS backend and SNI is not sent. This creates potential exposure of confidentiality/integrity/availability for DNS over TLS connections, with CVSS ...
CVE-2026-29111
CVE-2026-29111: systemd local unprivileged user can trigger an assert via an unprivileged IPC API call with spurious data. The issue affects versions from v239 onward; older than v239 are not affected, while v249 and older exhibited stack overwriting, attacker-controlled content. Patches exist in...