CVE-2018-6485
glibc: Integer overflow in posix_memalign in memalign functions
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
Un desbordamiento de enteros en la implementación de posix_memalign en las funciones memalign en GNU C Library (también conocido como glibc o libc6) en versiones 2.26 y anteriores podría provocar que estas funciones devuelvan un puntero a un área de la memoria dinámica (heap) demasiado pequeña, pudiendo corromper el heap.
Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-03 CVE Published
- 2018-02-01 CVE Reserved
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-787: Out-of-bounds Write
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/878159 | Issue Tracking | |
| http://www.securityfocus.com/bid/102912 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20190404-0003 | Third Party Advisory |
|
| https://sourceware.org/bugzilla/show_bug.cgi?id=22343 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:3092 | 2020-08-24 | |
| https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2019:0327 | 2020-08-24 | |
| https://usn.ubuntu.com/4218-1 | 2020-08-24 | |
| https://usn.ubuntu.com/4416-1 | 2020-08-24 | |
| https://access.redhat.com/security/cve/CVE-2018-6485 | 2018-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1542102 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.26 Search vendor "Gnu" for product "Glibc" and version " <= 2.26" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.0.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.1.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Session Border Controller Search vendor "Oracle" for product "Communications Session Border Controller" | 8.2.0 Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.2.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.0.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.1.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.1.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Management Search vendor "Netapp" for product "Element Software Management" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Replication Adapter Search vendor "Netapp" for product "Storage Replication Adapter" | >= 7.2 Search vendor "Netapp" for product "Storage Replication Adapter" and version " >= 7.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Vasa Provider Search vendor "Netapp" for product "Vasa Provider" | >= 7.2 Search vendor "Netapp" for product "Vasa Provider" and version " >= 7.2" | clustered_data_ontap |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Vasa Provider Search vendor "Netapp" for product "Vasa Provider" | 6.x Search vendor "Netapp" for product "Vasa Provider" and version "6.x" | clustered_data_ontap |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Virtual Storage Console Search vendor "Netapp" for product "Virtual Storage Console" | >= 7.2 Search vendor "Netapp" for product "Virtual Storage Console" and version " >= 7.2" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Virtual Storage Console Search vendor "Netapp" for product "Virtual Storage Console" | - | - |
Affected
| ||||||