CVE-2018-11237

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow9 documents8 sources

Severity

7.8HIGH

EPSS

0.8%

top 25.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc Canonical Ubuntu Linux Oracle Communications Session Border Controller +5 more

Timeline

PublishedMay 18

Latest updateMay 13

Description

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

▶Debianglibc< 2.27-4+3

▶NVDgnu/glibc2.27

▶NVDredhat/virtualization_host4.0

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Ubuntu Linux 16.04, 18.04, 19.10

Patches

Patch: sourceware.org ↗Patch: www.oracle.com ↗Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-fh43-5v3x-c3vr: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2↗2022-05-13

▶

OSV

CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2↗2018-05-18

▶

CVEList

CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2↗2018-05-18

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2020-07-06

▶

Red Hat

glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper↗2018-05-17

▶

Debian

CVE-2018-11237: glibc - An AVX-512-optimized implementation of the mempcpy function in the GNU C Library...↗2018

▶

💬Community

Bugzilla

CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper↗2018-05-22

▶

Bugzilla

CVE-2018-11237 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper [fedora-all]↗2018-05-22

▶