Stack overflow

2019-03-2116:01:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
debian_linuxeq9.0
fedoraeq29
web_gatewayge8.0.0
web_gatewaylt8.1.1
web_gatewaylt7.7.2.21
web_gatewayge7.8.0

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
debian_linux	eq	8.0
debian_linux	eq	9.0
fedora	eq	29
web_gateway	ge	8.0.0
web_gateway	lt	8.1.1
web_gateway	lt	7.7.2.21
web_gateway	ge	7.8.0