CVE-2018-6485
Published 2018-02-01
Critical 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.27-1 (bookworm) | glibc 2.27-1 (bookworm) |
| gnu | glibc | <= 2.26 | — |
| gnu | glibc | >= 0 < 2.27-1 | 2.27-1 |
| gnu | glibc | >= 0 < 2.27-1 | 2.27-1 |
| gnu | glibc | >= 0 < 2.27-1 | 2.27-1 |
| gnu | glibc | >= 0 < 2.27-1 | 2.27-1 |
| gnu | glibc | >= 0 < 2.23-0ubuntu11.2 | 2.23-0ubuntu11.2 |
| gnu | glibc | >= 0 < 2.27-3ubuntu1.2 | 2.27-3ubuntu1.2 |
| netapp | storage_replication_adapter | >= 7.2 | — |
| netapp | vasa_provider | — | — |
| netapp | vasa_provider | >= 7.2 | — |
| netapp | virtual_storage_console | >= 7.2 | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | communications_session_border_controller | — | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_communications_broker | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
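| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |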