{"id":"CVE-2018-16866","details":"An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.","modified":"2026-05-18T05:51:33.316955569Z","published":"2019-01-11T19:29:00.233Z","related":["CGA-52f7-9w5j-v945","SUSE-SU-2019:0135-1","SUSE-SU-2019:0137-1","openSUSE-SU-2019:0098-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"18.10"}],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"},{"extracted_events":[{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"},{"extracted_events":[{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux"},{"extracted_events":[{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_compute_node_eus"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_desktop"},{"extracted_events":[{"last_affected":"7_s390x"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\\(structure_a\\):7_s390x:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_ibm_z_systems_(structure_a)"},{"extracted_events":[{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_ibm_z_systems_eus"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_power_big_endian"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.6"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_power_big_endian_eus"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_power_little_endian"},{"extracted_events":[{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_power_little_endian_eus"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_for_scientific_computing"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server"},{"extracted_events":[{"last_affected":"7.4"},{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_aus"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.4"},{"last_affected":"7.6"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.4"},{"last_affected":"7.6"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_tus"},{"extracted_events":[{"last_affected":"7.4"},{"last_affected":"7.6"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_update_services_for_sap_solutions"},{"extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_workstation"}]},"references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2019/May/21"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/05/10/4"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106527"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2091"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3222"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0593"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/May/25"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201903-07"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190117-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3855-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4367"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866"},{"type":"EVIDENCE","url":"https://www.qualys.com/2019/01/09/system-down/system-down.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/systemd/systemd","events":[{"introduced":"ff99498535bbc97601d89925fd81cd3ac9120994"},{"last_affected":"de7436b02badc82200dc127ff190b8155769b8e7"}],"database_specific":{"cpe":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"221"},{"last_affected":"239"}],"source":"CPE_FIELD"}}],"versions":["v239","v238","v237","v236","v235","v234","v233","v232","v231","v230","v229","v228","v227","v226","v225","v224","v223","v222","v221"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16866.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/systemd/systemd-stable","events":[{"introduced":"ff99498535bbc97601d89925fd81cd3ac9120994"},{"last_affected":"de7436b02badc82200dc127ff190b8155769b8e7"}],"database_specific":{"cpe":"cpe:2.3:a:systemd_project:systemd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"221"},{"last_affected":"239"}],"source":"CPE_FIELD"}}],"versions":["v239","v238","v237","v236","v235","v234","v233","v232","v231","v230","v229","v228","v227","v226","v225","v224","v223","v222","v221"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16866.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}