exploitDog

CVE-2018-11236

Published: 04 Feb 2018
Source: redhat
CVSS3: 7.8
EPSS: Low

Description

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Report

Red Hat Product Security has rated this issue as having moderate security impact and a future update may address this flaw.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | compat-glibc | Not affected | | |
| Red Hat Enterprise Linux 5 | glibc | Will not fix | | |
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected | | |
| Red Hat Enterprise Linux 6 | glibc | Will not fix | | |
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected | | |
| Red Hat Enterprise Linux 8 | glibc | Not affected | | |
| Red Hat Enterprise Linux 7 | glibc | Fixed | RHSA-2018:3092 | 30.10.2018 |

Additional information

Status: Moderate
Defect: CWE-190->CWE-121
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1581269 (glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow)

EPSS: 0.0066 (Low), percentile: 70%

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 7 years ago

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

CVSS3: 9.8
nvd
more than 7 years ago

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

CVSS3: 9.8
debian
more than 7 years ago

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ...

suse-cvrf
more than 7 years ago

Security update for glibc

CVSS3: 9.8
github
more than 3 years ago

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
