CVE-2018-11237

Опубликовано: 18 мая 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Ссылки

http://www.securityfocus.com/bid/104256
Broken Link
https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3092
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190329-0001/
Broken Link
https://security.netapp.com/advisory/ntap-20190401-0001/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
Issue Tracking
Patch
Third Party Advisory
https://usn.ubuntu.com/4416-1/
Third Party Advisory
https://www.exploit-db.com/exploits/44750/
Broken Link
Third Party Advisory
VDB Entry
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/104256
Broken Link
https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3092
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190329-0001/
Broken Link
https://security.netapp.com/advisory/ntap-20190401-0001/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
Issue Tracking
Patch
Third Party Advisory
https://usn.ubuntu.com/4416-1/
Third Party Advisory
https://www.exploit-db.com/exploits/44750/
Broken Link
Third Party Advisory
VDB Entry
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Версия до 2.27 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00588

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-11237

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-11237

CVSS3: 5.6

redhat

больше 7 лет назад

CVE-2018-11237

CVSS3: 7.8

debian

больше 7 лет назад

An AVX-512-optimized implementation of the mempcpy function in the GNU ...

openSUSE-SU-2018:1633-1

suse-cvrf

больше 7 лет назад

Security update for glibc

GHSA-fh43-5v3x-c3vr

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 68%

0.00588

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-787