Published: 18/05/2018 Updated: 13/09/2022

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 410

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and previous versions may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat virtualization host 4.0
oracle enterprise communications broker 3.0.0
oracle enterprise communications broker 3.1.0
oracle communications session border controller 8.1.0
oracle communications session border controller 8.2.0
oracle communications session border controller 8.0.0
netapp data ontap edge -
netapp element software management -
canonical ubuntu linux 18.04
canonical ubuntu linux 19.10
canonical ubuntu linux 16.04

Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Debian Bug report logs - #899071 CVE-2018-11236 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 18 May 2018 20:30:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version glib ...

Debian Bug report logs - #899070 CVE-2018-11237 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 18 May 2018 20:27:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version glib ...

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met An attacker could use this vulnerability to cause a denial of service or potentially execute code(CVE-2018-11237) ...

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met An attacker could use this vulnerability to cause a denial of service or potentially execute code(CVE-2018-11237) elf/dl-loadc in the GNU C Library (aka glibc or libc6) 219 through 22 ...

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met An attacker could use this vulnerability to cause a denial of service or potentially execute code ...

GNU glibc versions prior to 227 suffer from a buffer overflow vulnerability ...

CWE-787 https://sourceware.org/bugzilla/show_bug.cgi?id=23196 http://www.securityfocus.com/bid/104256 https://www.exploit-db.com/exploits/44750/https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190401-0001/https://security.netapp.com/advisory/ntap-20190329-0001/https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0327 https://usn.ubuntu.com/4416-1/https://access.redhat.com/errata/RHSA-2018:3092 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2018-1131.html

CVE-2018-11237

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect