<p>Upgrade <code>Debian:8</code> <code>systemd</code> to version 215-17+deb8u9 or higher.</p>

Allocation of Resources Without Limits or Throttling Affecting systemd package, versions <215-17+deb8u9

Threat Intelligence

0.04% (15^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN8-SYSTEMD-305102
published 11 Jan 2019
disclosed 11 Jan 2019

Report a new vulnerability Found a mistake?

Introduced: 11 Jan 2019

CVE-2018-16865 Open this link in a new tab CWE-770 Open this link in a new tab

How to fix?

Upgrade Debian:8 systemd to version 215-17+deb8u9 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Local
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High