CVE-2018-11236
Published 2018-05-18
Critical 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.27-4 (bookworm) | glibc 2.27-4 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.15+esm3 | 2.19-0ubuntu6.15+esm3 |
| gnu | glibc | <= 2.27 | — |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.2 | 2.23-0ubuntu11.2 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.2 | 2.27-3ubuntu1.2 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.3+esm6 | 2.23-0ubuntu11.3+esm6 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.6+esm2 | 2.27-3ubuntu1.6+esm2 |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_communications_broker | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
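| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |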