Vulnerability CVE-2018-11237: Information

Description

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-11237
Published: May 18, 2018
Modified: Sept. 14, 2022
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.30-alt12.38.0.76.e9f05fa1c6-alt1ALT-PU-2019-3114-1240143Fixed
glibcp102.30-alt12.32-alt5.p10.3ALT-PU-2019-3114-1240143Fixed
glibcc10f12.30-alt12.32-alt5.p10.3ALT-PU-2019-3114-1240143Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
  • Issue Tracking
  • Patch
  • Third Party Advisory
104256
  • Broken Link
44750
  • Broken Link
  • Third Party Advisory
  • VDB Entry
RHSA-2018:3092
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20190401-0001/
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20190329-0001/
  • Broken Link
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  • Patch
  • Third Party Advisory
RHBA-2019:0327
  • Third Party Advisory
USN-4416-1
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
      End including
      2.27

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
      cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
      cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.1
Back to top