CVE-2018-16864 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	A memory corruption vulnerability has been found in the journald component of systemd >= v230 and <= v240, in the set_iovec_field() function. Passing several megabytes of command-line arguments to a program that calls syslog() led to an attacker-controlled alloca(), which could be used to override the content of the memory, in the stack-clash fashion.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-845	systemd	240.0-3	240.34-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Jan 2019	ASA-201901-9	AVG-845	systemd	High	arbitrary code execution

References
https://www.qualys.com/2019/01/09/system-down/system-down.txt https://github.com/systemd/systemd/pull/11374 https://github.com/systemd/systemd/pull/11374/commits/084eeb865ca63887098e0945fb4e93c852b91b0f

References

https://www.qualys.com/2019/01/09/system-down/system-down.txt
https://github.com/systemd/systemd/pull/11374
https://github.com/systemd/systemd/pull/11374/commits/084eeb865ca63887098e0945fb4e93c852b91b0f