CVE-2018-11237
Published 2018-05-18
Severity: high, 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | glibc | < glibc 2.27-4 (bookworm) | glibc 2.27-4 (bookworm) |
| gnu | glibc | <= 2.27 | — |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.27-4 | 2.27-4 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.2 | 2.23-0ubuntu11.2 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.2 | 2.27-3ubuntu1.2 |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_communications_broker | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH