CVE-2019-3815

LOW

Redhat Enterprise Linux Server - Memory Leak

Title source: rule

Description

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106632

[Vendor Advisory] https://access.redhat.com/errata/RHBA-2019:0327

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:0201

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html

Scores

CVSS v3 3.3

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-401

Status published

Affected Products (7)

redhat/enterprise_linux_server

redhat/openshift_container_platform

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server_aus

redhat/enterprise_linux_server_eus

redhat/enterprise_linux_workstation

debian/debian_linux

Timeline

Published Jan 28, 2019

Tracked Since Feb 18, 2026