CVE-2019-6454
- Source
- https://cve.org/CVERecord?id=CVE-2019-6454
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-6454.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-6454
- Downstream
- Related
- Published
- 2019-03-21T16:01:08.203Z
- Modified
- 2026-04-11T12:20:25.707028Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in sd-bus in systemd 239. busprocessobject() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "extracted_events": [ { "fixed": "7.7.2.21" }, { "introduced": "7.8.0" }, { "fixed": "7.8.2.8" }, { "introduced": "8.0.0" }, { "fixed": "8.1.1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "16.04" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "18.04" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "18.10" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "9.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "15.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.5" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.5" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.5" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.5" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.6" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.0" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.1" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "8.2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "7.0" } ], "source": "CPE_FIELD" } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/
- http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html
- http://www.openwall.com/lists/oss-security/2019/02/19/1
- http://www.securityfocus.com/bid/107081
- https://access.redhat.com/errata/RHSA-2019:0368
- https://access.redhat.com/errata/RHSA-2019:0990
- https://access.redhat.com/errata/RHSA-2019:1322
- https://access.redhat.com/errata/RHSA-2019:1502
- https://access.redhat.com/errata/RHSA-2019:2805
- https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html
- https://security.netapp.com/advisory/ntap-20190327-0004/
- https://usn.ubuntu.com/3891-1/
- https://www.debian.org/security/2019/dsa-4393
- http://www.openwall.com/lists/oss-security/2019/02/18/3
- https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
- https://kc.mcafee.com/corporate/index?page=content&id=SB10278
- http://www.openwall.com/lists/oss-security/2021/07/20/2
Affected packages
Git / github.com/systemd/systemd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/systemd/systemd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "239" }, { "last_affected": "29" } ], "source": "CPE_FIELD" }
Affected versions
Other
v1
v10
v11
v12
v13
v14
v15
v16
v17
v18
v183
v184
v185
v186
v187
v188
v189
v19
v190
v191
v192
v193
v194
v195
v196
v197
v198
v199
v2
v20
v200
v201
v202
v203
v204
v205
v206
v207
v208
v209
v21
v210
v211
v212
v213
v214
v215
v216
v217
v218
v219
v22
v220
v221
v222
v223
v224
v225
v226
v227
v228
v229
v23
v230
v231
v232
v233
v234
v235
v236
v237
v238
v239
v24
v25
v26
v27
v28
v29
v3
v30
v31
v32
v33
v34
v35
v36
v37
v38
v39
v4
v40
v41
v42
v43
v44
v5
v6
v7
v8
v9