Fluid Attacks Database

Description

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the _CMDLINE= entry. A local attacker may use this flaw to make systemd-journald crash.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	systemd	<0:219-62.el7_6.3	0:219-62.el7_6.3

Aliases

1. CVE-2019-38152. NVD-2019-38153. OSV-2019-3815

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.