CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-6485

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1400%
EPSS Percentile14.10th
Published2018年2月1日
Last Modified2024年11月21日

Vulnerability Description

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Affected Platforms (CPE)

📦
Gnu

Glibc

<= 2.26
📦
Redhat

Virtualization Host

= 4.0
💻
Redhat

Enterprise Linux Desktop

= 7.0
💻
Redhat

Enterprise Linux Server

= 7.0
💻
Redhat

Enterprise Linux Workstation

= 7.0
📦
Oracle

Communications Session Border Controller

= 8.0.0
📦
Oracle

Communications Session Border Controller

= 8.1.0
📦
Oracle

Communications Session Border Controller

= 8.2.0
📦
Oracle

Enterprise Communications Broker

= 3.0.0
📦
Oracle

Enterprise Communications Broker

= 3.1.0
📦
Netapp

Cloud Backup

All versions
📦
Netapp

Data Ontap Edge

All versions
📦
Netapp

Element Software

All versions
📦
Netapp

Element Software Management

All versions
📦
Netapp

Steelstore Cloud Integrated Storage

All versions
📦
Netapp

Storage Replication Adapter

>= 7.2
📦
Netapp

Vasa Provider

>= 7.2
📦
Netapp

Vasa Provider

= 6.x
📦
Netapp

Virtual Storage Console

>= 7.2
📦
Netapp

Virtual Storage Console

All versions

References & Advisories

🔗 http://bugs.debian.org/878159
🔗 http://www.securityfocus.com/bid/102912
🔗 https://access.redhat.com/errata/RHBA-2019:0327
🔗 https://access.redhat.com/errata/RHSA-2018:3092
🔗 https://security.netapp.com/advisory/ntap-20190404-0003/
🔗 https://sourceware.org/bugzilla/show_bug.cgi?id=22343
🔗 https://usn.ubuntu.com/4218-1/
🔗 https://usn.ubuntu.com/4416-1/

関連する脆弱性情報

CVE-2015-023510.0

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows con...

CVE-2017-156709.8

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glo...

CVE-2017-158049.8

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of ...

CVE-2017-182699.8

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka...