Published: 01/02/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and previous versions could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat virtualization host 4.0
oracle enterprise communications broker 3.1.0
oracle communications session border controller 8.1.0
oracle communications session border controller 8.2.0
oracle communications session border controller 8.0.0
oracle enterprise communications broker 3.0.0
netapp virtual storage console
netapp element software -
netapp cloud backup -
netapp data ontap edge -
netapp steelstore cloud integrated storage -
netapp vasa provider 6.x
netapp storage replication adapter
netapp virtual storage console -
netapp vasa provider
netapp element software management -

Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Debian Bug report logs - #878159 glibc: CVE-2018-6485: Integer overflow in posix_memalign Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@jwilknet> Date: Tue, 10 Oct 2017 15:21:01 UTC Sev ...

GNU C could be made to execute arbitrary code or cause a crash if it received a specially crafted input ...

Integer overflow in malloc functions:The malloc implementation in the GNU C Library (aka glibc or libc6), from version 224 to 226 on powerpc, and only in version 226 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap ...

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met An attacker could use this vulnerability to cause a denial of service or potentially execute code(CVE-2018-11237) elf/dl-loadc in the GNU C Library (aka glibc or libc6) 219 through 22 ...

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 226 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption ...

CWE-787 CWE-190 https://sourceware.org/bugzilla/show_bug.cgi?id=22343 http://bugs.debian.org/878159 http://www.securityfocus.com/bid/102912 https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190404-0003/https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0327 https://usn.ubuntu.com/4218-1/https://usn.ubuntu.com/4416-1/https://access.redhat.com/errata/RHSA-2018:3092 https://usn.ubuntu.com/4218-1/https://nvd.nist.gov

CVE-2018-6485

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect