CVE-2018-6485 - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C L

CVE-2018-6485

Summary

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

References

Vulnerable Configurations

cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:x64:*
cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:x64:*
cpe:2.3:a:gnu:glibc:0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.06.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.07.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.08.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:1.09.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:x86:*
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:x86:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:vasa_provider:6.x:*:*:*:*:clustered_data_ontap:*:*
cpe:2.3:a:netapp:vasa_provider:6.x:*:*:*:*:clustered_data_ontap:*:*
cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*
cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*
cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*

CVSS

Base:	7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-190

CAPEC

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1581274
title	CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment glibc is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092001
comment glibc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763002
AND
comment glibc-common is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092003
comment glibc-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763004
AND
comment glibc-devel is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092005
comment glibc-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763006
AND
comment glibc-headers is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092007
comment glibc-headers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763008
AND
comment glibc-static is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092009
comment glibc-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763010
AND
comment glibc-utils is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092011
comment glibc-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763012
AND
comment nscd is earlier than 0:2.17-260.el7
oval oval:com.redhat.rhsa:tst:20183092013
comment nscd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20120763014

rhsa

id	RHSA-2018:3092
released	2018-10-30
severity	Moderate
title	RHSA-2018:3092: glibc security, bug fix, and enhancement update (Moderate)

rhsa
id RHBA-2019:0327

rpms

glibc-0:2.17-260.el7
glibc-common-0:2.17-260.el7
glibc-debuginfo-0:2.17-260.el7
glibc-debuginfo-common-0:2.17-260.el7
glibc-devel-0:2.17-260.el7
glibc-headers-0:2.17-260.el7
glibc-static-0:2.17-260.el7
glibc-utils-0:2.17-260.el7
nscd-0:2.17-260.el7

refmap via4

bid	102912
confirm	http://bugs.debian.org/878159 https://security.netapp.com/advisory/ntap-20190404-0003/ https://sourceware.org/bugzilla/show_bug.cgi?id=22343
misc	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
ubuntu	USN-4218-1 USN-4416-1

Last major update

24-08-2020 - 17:37

Published

01-02-2018 - 14:29

Last modified

24-08-2020 - 17:37