ID CVE-2019-6454
Summary An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
References
Vulnerable Configurations
  • cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:*
    cpe:2.3:a:systemd_project:systemd:239:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.3.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.3.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.3.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.3.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.3.2.9.:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.3.2.9.:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.5.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.5.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.5.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.5.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.5.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.5.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.6.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.6.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.7.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.7.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:7.8.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:7.8.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:8.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mcafee:web_gateway:8.1.0:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 20-02-2022 - 06:08)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
  • bugzilla
    id 1667032
    title CVE-2019-6454 systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment libgudev1 is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368001
          • comment libgudev1 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092002
        • AND
          • comment libgudev1-devel is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368003
          • comment libgudev1-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092004
        • AND
          • comment systemd is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368005
          • comment systemd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092006
        • AND
          • comment systemd-devel is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368007
          • comment systemd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092008
        • AND
          • comment systemd-journal-gateway is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368009
          • comment systemd-journal-gateway is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092010
        • AND
          • comment systemd-libs is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368011
          • comment systemd-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092012
        • AND
          • comment systemd-networkd is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368013
          • comment systemd-networkd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092014
        • AND
          • comment systemd-python is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368015
          • comment systemd-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092016
        • AND
          • comment systemd-resolved is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368017
          • comment systemd-resolved is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092018
        • AND
          • comment systemd-sysv is earlier than 0:219-62.el7_6.5
            oval oval:com.redhat.rhsa:tst:20190368019
          • comment systemd-sysv is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092020
    rhsa
    id RHSA-2019:0368
    released 2019-02-19
    severity Important
    title RHSA-2019:0368: systemd security update (Important)
  • bugzilla
    id 1693578
    title [PATCH] bus-socket: Fix line_begins() to accept word matching full[ZStream Clone]
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment systemd is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990001
          • comment systemd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092006
        • AND
          • comment systemd-container is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990003
          • comment systemd-container is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990004
        • AND
          • comment systemd-debugsource is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990005
          • comment systemd-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990006
        • AND
          • comment systemd-devel is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990007
          • comment systemd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092008
        • AND
          • comment systemd-journal-remote is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990009
          • comment systemd-journal-remote is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990010
        • AND
          • comment systemd-libs is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990011
          • comment systemd-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152092012
        • AND
          • comment systemd-pam is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990013
          • comment systemd-pam is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990014
        • AND
          • comment systemd-tests is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990015
          • comment systemd-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990016
        • AND
          • comment systemd-udev is earlier than 0:239-13.el8_0.3
            oval oval:com.redhat.rhsa:tst:20190990017
          • comment systemd-udev is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190990018
    rhsa
    id RHSA-2019:0990
    released 2019-05-07
    severity Moderate
    title RHSA-2019:0990: systemd security and bug fix update (Moderate)
  • rhsa
    id RHSA-2019:1322
  • rhsa
    id RHSA-2019:1502
  • rhsa
    id RHSA-2019:2805
rpms
  • libgudev1-0:219-62.el7_6.5
  • libgudev1-devel-0:219-62.el7_6.5
  • systemd-0:219-62.el7_6.5
  • systemd-debuginfo-0:219-62.el7_6.5
  • systemd-devel-0:219-62.el7_6.5
  • systemd-journal-gateway-0:219-62.el7_6.5
  • systemd-libs-0:219-62.el7_6.5
  • systemd-networkd-0:219-62.el7_6.5
  • systemd-python-0:219-62.el7_6.5
  • systemd-resolved-0:219-62.el7_6.5
  • systemd-sysv-0:219-62.el7_6.5
  • redhat-release-virtualization-host-0:4.2-8.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20190219.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-8.3.el7
  • rhvm-appliance-2:4.2-20190224.0.el7
  • systemd-0:239-13.el8_0.3
  • systemd-container-0:239-13.el8_0.3
  • systemd-container-debuginfo-0:239-13.el8_0.3
  • systemd-debuginfo-0:239-13.el8_0.3
  • systemd-debugsource-0:239-13.el8_0.3
  • systemd-devel-0:239-13.el8_0.3
  • systemd-journal-remote-0:239-13.el8_0.3
  • systemd-journal-remote-debuginfo-0:239-13.el8_0.3
  • systemd-libs-0:239-13.el8_0.3
  • systemd-libs-debuginfo-0:239-13.el8_0.3
  • systemd-pam-0:239-13.el8_0.3
  • systemd-pam-debuginfo-0:239-13.el8_0.3
  • systemd-tests-0:239-13.el8_0.3
  • systemd-tests-debuginfo-0:239-13.el8_0.3
  • systemd-udev-0:239-13.el8_0.3
  • systemd-udev-debuginfo-0:239-13.el8_0.3
  • libgudev1-0:219-57.el7_5.6
  • libgudev1-devel-0:219-57.el7_5.6
  • systemd-0:219-57.el7_5.6
  • systemd-debuginfo-0:219-57.el7_5.6
  • systemd-devel-0:219-57.el7_5.6
  • systemd-journal-gateway-0:219-57.el7_5.6
  • systemd-libs-0:219-57.el7_5.6
  • systemd-networkd-0:219-57.el7_5.6
  • systemd-python-0:219-57.el7_5.6
  • systemd-resolved-0:219-57.el7_5.6
  • systemd-sysv-0:219-57.el7_5.6
  • libgudev1-0:219-42.el7_4.16
  • libgudev1-devel-0:219-42.el7_4.16
  • systemd-0:219-42.el7_4.16
  • systemd-debuginfo-0:219-42.el7_4.16
  • systemd-devel-0:219-42.el7_4.16
  • systemd-journal-gateway-0:219-42.el7_4.16
  • systemd-libs-0:219-42.el7_4.16
  • systemd-networkd-0:219-42.el7_4.16
  • systemd-python-0:219-42.el7_4.16
  • systemd-resolved-0:219-42.el7_4.16
  • systemd-sysv-0:219-42.el7_4.16
  • libgudev1-0:219-30.el7_3.14
  • libgudev1-devel-0:219-30.el7_3.14
  • systemd-0:219-30.el7_3.14
  • systemd-debuginfo-0:219-30.el7_3.14
  • systemd-devel-0:219-30.el7_3.14
  • systemd-journal-gateway-0:219-30.el7_3.14
  • systemd-libs-0:219-30.el7_3.14
  • systemd-networkd-0:219-30.el7_3.14
  • systemd-python-0:219-30.el7_3.14
  • systemd-resolved-0:219-30.el7_3.14
  • systemd-sysv-0:219-30.el7_3.14
refmap via4
bid 107081
confirm
debian DSA-4393-1
fedora FEDORA-2019-8434288a24
misc https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c
mlist
  • [SECURITY] [DLA 1684-1] 20190219 systemd security update
  • [oss-security] 20190218 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
  • [oss-security] 20190219 CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
suse
  • SUSE-SA:2019:0255-1
  • openSUSE-SU-2019:1450
ubuntu USN-3891-1
Last major update 20-02-2022 - 06:08
Published 21-03-2019 - 16:01
Last modified 20-02-2022 - 06:08
Back to Top