An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data.
Find out more about CVE-2018-16866 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Red Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 4.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Attack Vector | Adjacent Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | None |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | rhvm-appliance | Will not fix |
| Red Hat Virtualization 4 | redhat-virtualization-host | Will not fix |
| Red Hat Enterprise Linux 7 | systemd | Affected |
Vulmon