PT-2017-3513 · Gnu+5 · Glibc+5

Jakub Wilk

Publicado

2017-10-24

Atualizado

2024-06-15

CVE-2018-6485

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions 2.26 and earlier

Description The issue is caused by an integer overflow in the implementation of the posix memalign in memalign functions, potentially leading to heap corruption. This could allow a remote attacker to cause a denial of service. The problem is related to a cyclic shift of a pointer, resulting in a memory overflow.

Recommendations For glibc versions 2.26 and earlier, consider updating to a version later than 2.26 to resolve the issue. As a temporary workaround, consider restricting the use of the memalign function until a patch is available. Avoid using the posix memalign function in the affected glibc versions to minimize the risk of exploitation.

Exploit

Correção

Integer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190CWE-787

Identificadores relacionados

ALT-PU-2017-2833

BDU:2018-00365

CESA-2018_3092

CVE-2018-6485

MGASA-2018-0159

OPENSUSE-SU-2018_0494-1

OPENSUSE-SU-2024:10792-1

RHSA-2018:3092

RHSA-2018_3092

SUSE-SU-2018:0451-1

SUSE-SU-2018:0565-1

USN-4218-1

USN-4416-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

PT-2017-3513 · Gnu+5 · Glibc+5

CVE-2018-6485

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 154