Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-11236

Опубликовано: 18 мая 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Версия до 2.27 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00894
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2018-11236

CVSS3: 9.8
ubuntu
больше 7 лет назад

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

redhat логотип

CVE-2018-11236

CVSS3: 7.8
redhat
почти 8 лет назад

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

debian логотип

CVE-2018-11236

CVSS3: 9.8
debian
больше 7 лет назад

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ...

suse-cvrf логотип

SUSE-SU-2018:2302-1

suse-cvrf
больше 7 лет назад

Security update for glibc

github логотип

GHSA-pgv4-4294-ccrq

CVSS3: 9.8
github
больше 3 лет назад

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

EPSS

Процентиль: 75%
0.00894
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190