Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-q4kr-rg2c-f7ad
Vulnerability ID VCID-q4kr-rg2c-f7ad
Aliases CVE-2018-15688
Summary Multiple vulnerabilities have been found in systemd, the worst of which may allow execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-131 Incorrect Calculation of Buffer Size
CWE-190 Integer Overflow or Wraparound
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3 8.8 https://access.redhat.com/errata/RHBA-2019:0327
ssvc Track https://access.redhat.com/errata/RHBA-2019:0327
cvssv3 8.8 https://access.redhat.com/errata/RHSA-2018:3665
ssvc Track https://access.redhat.com/errata/RHSA-2018:3665
cvssv3 8.8 https://access.redhat.com/errata/RHSA-2019:0049
ssvc Track https://access.redhat.com/errata/RHSA-2019:0049
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15688.json
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
epss 0.00727 https://api.first.org/data/v1/epss?cve=CVE-2018-15688
cvssv3 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.8 https://github.com/systemd/systemd/pull/10518
ssvc Track https://github.com/systemd/systemd/pull/10518
cvssv3 8.8 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
ssvc Track https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
archlinux Critical https://security.archlinux.org/AVG-789
cvssv3 8.8 https://security.gentoo.org/glsa/201810-10
ssvc Track https://security.gentoo.org/glsa/201810-10
cvssv3 8.8 https://usn.ubuntu.com/3806-1/
ssvc Track https://usn.ubuntu.com/3806-1/
cvssv3 8.8 https://usn.ubuntu.com/3807-1/
ssvc Track https://usn.ubuntu.com/3807-1/
cvssv3 8.8 http://www.securityfocus.com/bid/105745
ssvc Track http://www.securityfocus.com/bid/105745
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15688.json
https://api.first.org/data/v1/epss?cve=CVE-2018-15688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15688
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10518 https://github.com/systemd/systemd/pull/10518
105745 http://www.securityfocus.com/bid/105745
1639067 https://bugzilla.redhat.com/show_bug.cgi?id=1639067
912008 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912008
ASA-201811-11 https://security.archlinux.org/ASA-201811-11
AVG-789 https://security.archlinux.org/AVG-789
GLSA-201810-10 https://security.gentoo.org/glsa/201810-10
msg00017.html https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
RHSA-2018:3665 https://access.redhat.com/errata/RHSA-2018:3665
RHSA-2019:0049 https://access.redhat.com/errata/RHSA-2019:0049
USN-3806-1 https://usn.ubuntu.com/3806-1/
USN-3807-1 https://usn.ubuntu.com/3807-1/
No exploits are available.
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHBA-2019:0327
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://access.redhat.com/errata/RHBA-2019:0327
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3665
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://access.redhat.com/errata/RHSA-2018:3665
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2019:0049
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://access.redhat.com/errata/RHSA-2019:0049
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-15688.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/systemd/systemd/pull/10518
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://github.com/systemd/systemd/pull/10518
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201810-10
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://security.gentoo.org/glsa/201810-10
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3806-1/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://usn.ubuntu.com/3806-1/
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/3807-1/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at https://usn.ubuntu.com/3807-1/
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/105745
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:55:22Z/ Found at http://www.securityfocus.com/bid/105745
Exploit Prediction Scoring System (EPSS)
Percentile 0.7256
EPSS Score 0.00727
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:12:11.013228+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201810-10 38.0.0