CVE-2017-18269

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

Una implementación memmove optimizada para SSE2 para i386 en sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S en GNU C Library (también conocida como glibc o libc6), desde la versión 2.21 hasta la 2.27 no realiza correctamente la comprobación de solapamiento de memoria si el rango de memoria de origen se extiende por el medio del espacio de memoria. Esto resulta en que se produzcan datos corruptos en la operación de copia. Esto podría revelar información a atacantes que dependen del contexto o resultar en una denegación de servicio (DoS) o una posible ejecución de código.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-05-18 CVE Reserved
2018-05-18 CVE Published
2024-04-27 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (6)

URL	Tag	Source
https://github.com/fingolfin/memmove-bug	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190329-0001	X_refsource_confirm
https://security.netapp.com/advisory/ntap-20190401-0001	X_refsource_confirm
https://sourceware.org/bugzilla/show_bug.cgi?id=22644	Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://usn.ubuntu.com/4416-1	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"	Glibc Search vendor "Gnu" for product "Glibc"	>= 2.21 <= 2.27 Search vendor "Gnu" for product "Glibc" and version " >= 2.21 <= 2.27"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe