CVE-2018-16866 MEDIUM

CVE-2018-16866

Vendor The Systemd Project
Product systemd
Weakness CWE-125
Published January 11, 2019
Last update June 9, 2025

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Key dates

02Disclosure timeline

January 11, 2019 CVE published
June 9, 2025 Record updated