CVE-2018-11237

 

Published at: - 18-05-2018 06:29

Last modified: - 13-09-2022 11:25

Total changes: - 3

Description

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://sourceware.org/bugzilla/show_bug.cgi?id=23196
• 104256-Broken Link
• 44750-Broken Link, Third Party Advisory, VDB Entry
• RHSA-2018:3092-Third Party Advisory
• https://security.netapp.com/advisory/ntap-20190401-0001/
• https://security.netapp.com/advisory/ntap-20190329-0001/
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• RHBA-2019:0327-Third Party Advisory
• USN-4416-1-Third Party Advisory

 

Keywords

NVD

 

CVE-2018-11237

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures