CVE-2018-16865 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	A memory corruption vulnerability has been found in the journald component of systemd >= v201 and <= v240, in the journal_file_append_entry() function. Sending a large "native" message to /run/systemd/journal/socket led to an attacker-controlled alloca(), which could be used to override the content of the memory, in the stack-clash fashion.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-845	systemd	240.0-3	240.34-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Jan 2019	ASA-201901-9	AVG-845	systemd	High	arbitrary code execution

References
https://www.qualys.com/2019/01/09/system-down/system-down.txt https://github.com/systemd/systemd/pull/11374 https://github.com/systemd/systemd/pull/11374/commits/052c57f132f04a3cf4148f87561618da1a6908b4

References

https://www.qualys.com/2019/01/09/system-down/system-down.txt
https://github.com/systemd/systemd/pull/11374
https://github.com/systemd/systemd/pull/11374/commits/052c57f132f04a3cf4148f87561618da1a6908b4