An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0015.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Oracle
  • Communications Session Border Controller
  • Enterprise Communications Broker
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Eus
  • Enterprise Linux Server Tus
  • Enterprise Linux Workstation
  • Rhel Aus
  • Rhel E4s
  • Rhel Eus
  • Rhel Tus
Systemd Project
  • Systemd

Configuration 1 [-]

cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
systemd-0:219-62.el7_6.2 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:0049 2019-01-14T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
systemd-0:219-30.el7_3.13 cpe:/o:redhat:rhel_aus:7.3 RHSA-2019:2402 2019-08-07T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
systemd-0:219-30.el7_3.13 cpe:/o:redhat:rhel_tus:7.3 RHSA-2019:2402 2019-08-07T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
systemd-0:219-30.el7_3.13 cpe:/o:redhat:rhel_e4s:7.3 RHSA-2019:2402 2019-08-07T00:00:00Z
Red Hat Enterprise Linux 7.4 Extended Update Support
systemd-0:219-42.el7_4.13 cpe:/o:redhat:rhel_eus:7.4 RHSA-2019:0271 2019-02-04T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
systemd-0:219-57.el7_5.5 cpe:/o:redhat:rhel_eus:7.5 RHSA-2019:0204 2019-01-29T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-release-virtualization-host-0:4.2-8.1.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:0342 2019-02-13T00:00:00Z
redhat-virtualization-host-0:4.2-20190129.0.el7_6 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:0342 2019-02-13T00:00:00Z
rhvm-appliance-0:4.2-20190129.0.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:0361 2019-02-18T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.openwall.com/lists/oss-security/2021/07/20/2 cve-icon cve-icon
http://www.securityfocus.com/bid/106523 cve-icon cve-icon
https://access.redhat.com/errata/RHBA-2019:0327 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0049 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0204 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0271 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0342 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0361 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2402 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-16864 cve-icon
https://security.gentoo.org/glsa/201903-07 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190117-0001/ cve-icon cve-icon
https://usn.ubuntu.com/3855-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-16864 cve-icon
https://www.debian.org/security/2019/dsa-4367 cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html cve-icon cve-icon
https://www.qualys.com/2019/01/09/system-down/system-down.txt cve-icon cve-icon cve-icon
History

Mon, 09 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-06-09T15:52:14.009Z

Reserved: 2018-09-11T00:00:00.000Z

Link: CVE-2018-16864

cve-icon Vulnrichment

Updated: 2024-08-05T10:32:54.107Z

cve-icon NVD

Status : Modified

Published: 2019-01-11T20:29:00.277

Modified: 2024-11-21T03:53:28.590

Link: CVE-2018-16864

cve-icon Redhat

Severity : Important

Publid Date: 2019-01-09T18:00:00Z

Links: CVE-2018-16864 - Bugzilla

cve-icon OpenCVE Enrichment

No data.