CVE - CVE-2019-3815

CVE-ID
CVE-2019-3815	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:106632 URL:http://www.securityfocus.com/bid/106632 MISC:RHBA-2019:0327 URL:https://access.redhat.com/errata/RHBA-2019:0327 MISC:RHSA-2019:0201 URL:https://access.redhat.com/errata/RHSA-2019:0201 MISC:[debian-lts-announce] 20190313 [SECURITY] [DLA 1711-1] systemd security update URL:https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815
Assigning CNA
Red Hat, Inc.
Date Record Created
20190103	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190103)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)