CVE-2017-18269

CWE-119Buffer Overflow10 documents8 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedMay 18
Latest updateMay 13

Description

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Debianglibc< 2.27-3+3
NVDgnu/glibc2.212.27

🔴Vulnerability Details

4
GHSA
GHSA-r6cp-c5hh-vmv8: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned2022-05-13
OSV
glibc vulnerabilities2020-07-06
CVEList
CVE-2017-18269: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned2018-05-18
OSV
CVE-2017-18269: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned2018-05-18

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2020-07-06
Red Hat
glibc: memory corruption in memcpy-sse2-unaligned.S2017-12-24
Debian
CVE-2017-18269: glibc - An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch...2017

💬Community

2
Bugzilla
CVE-2017-18269 glibc: memory corruption in memcpy-sse2-unaligned.S2018-05-21
Bugzilla
CVE-2017-18269 glibc: memory corruption in memcpy-sse2-unaligned.S [fedora-all]2018-05-21
CVE-2017-18269 (CRITICAL CVSS 9.8) | An SSE2-optimized memmove implement | cvebase.io