CVE-2017-17426
Published 2017-12-05
Severity: high, 8.1 (CVSS 3.0)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | — | — |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.14 | 2.19-0ubuntu6.14 |
| gnu | glibc | — | — |
| gnu | glibc | >= 0 < 2.23-0ubuntu10 | 2.23-0ubuntu10 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1 | 2.27-3ubuntu1 |
CVSS provenance
NVD: v3.0, 8.1 HIGH, CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
OSV: 8.1 HIGH