Published: 18/05/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and previous versions, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat virtualization host 4.0
oracle enterprise communications broker 3.0.0
oracle enterprise communications broker 3.1.0
oracle communications session border controller 8.1.0
oracle communications session border controller 8.2.0
oracle communications session border controller 8.0.0
netapp data ontap edge -
netapp element software management -

Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Debian Bug report logs - #899071 CVE-2018-11236 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 18 May 2018 20:30:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version glib ...

Debian Bug report logs - #899070 CVE-2018-11237 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 18 May 2018 20:27:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version glib ...

stdlib/canonicalizec in the GNU C Library (aka glibc or libc6) 227 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution(CVE-2018-11236) The GNU C Library (aka glibc or lib ...

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met An attacker could use this vulnerability to cause a denial of service or potentially execute code(CVE-2018-11237) elf/dl-loadc in the GNU C Library (aka glibc or libc6) 219 through 22 ...

CWE-787 CWE-190 https://sourceware.org/bugzilla/show_bug.cgi?id=22786 http://www.securityfocus.com/bid/104255 https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190401-0001/https://security.netapp.com/advisory/ntap-20190329-0001/https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0327 https://usn.ubuntu.com/4416-1/https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5460617d1567657621107d895ee2dd83bc1f88f2 https://access.redhat.com/errata/RHSA-2018:3092 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2018-1048.html

CVE-2018-11236

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect