CyberSec.Space Logo
Back to CVE Browser

CVE-2018-6485

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile14.10th
PublishedFeb 1, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Affected Platforms (CPE)

πŸ“¦
Gnu

Glibc

<= 2.26
πŸ“¦
Redhat

Virtualization Host

= 4.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 7.0
πŸ’»
Redhat

Enterprise Linux Server

= 7.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 7.0
πŸ“¦
Oracle

Communications Session Border Controller

= 8.0.0
πŸ“¦
Oracle

Communications Session Border Controller

= 8.1.0
πŸ“¦
Oracle

Communications Session Border Controller

= 8.2.0
πŸ“¦
Oracle

Enterprise Communications Broker

= 3.0.0
πŸ“¦
Oracle

Enterprise Communications Broker

= 3.1.0
πŸ“¦
Netapp

Cloud Backup

All versions
πŸ“¦
Netapp

Data Ontap Edge

All versions
πŸ“¦
Netapp

Element Software

All versions
πŸ“¦
Netapp

Element Software Management

All versions
πŸ“¦
Netapp

Steelstore Cloud Integrated Storage

All versions
πŸ“¦
Netapp

Storage Replication Adapter

>= 7.2
πŸ“¦
Netapp

Vasa Provider

>= 7.2
πŸ“¦
Netapp

Vasa Provider

= 6.x
πŸ“¦
Netapp

Virtual Storage Console

>= 7.2
πŸ“¦
Netapp

Virtual Storage Console

All versions

References & Advisories

πŸ”— http://bugs.debian.org/878159
πŸ”— http://www.securityfocus.com/bid/102912
πŸ”— https://access.redhat.com/errata/RHBA-2019:0327
πŸ”— https://access.redhat.com/errata/RHSA-2018:3092
πŸ”— https://security.netapp.com/advisory/ntap-20190404-0003/
πŸ”— https://sourceware.org/bugzilla/show_bug.cgi?id=22343
πŸ”— https://usn.ubuntu.com/4218-1/
πŸ”— https://usn.ubuntu.com/4416-1/

Related Vulnerabilities

CVE-2015-023510.0

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows con...

CVE-2017-156709.8

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glo...

CVE-2017-158049.8

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of ...

CVE-2017-182699.8

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka...