PT-2017-3513 · Gnu+5 · Glibc+5

Jakub Wilk

Published

2017-10-24

Updated

2024-06-15

CVE-2018-6485

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions 2.26 and earlier

Description The issue is caused by an integer overflow in the implementation of the posix memalign in memalign functions, potentially leading to heap corruption. This could allow a remote attacker to cause a denial of service. The problem is related to a cyclic shift of a pointer, resulting in a memory overflow.

Recommendations For glibc versions 2.26 and earlier, consider updating to a version later than 2.26 to resolve the issue. As a temporary workaround, consider restricting the use of the memalign function until a patch is available. Avoid using the posix memalign function in the affected glibc versions to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787

Related Identifiers

ALT-PU-2017-2833

BDU:2018-00365

CESA-2018_3092

CVE-2018-6485

MGASA-2018-0159

OPENSUSE-SU-2018_0494-1

OPENSUSE-SU-2024:10792-1

RHSA-2018:3092

RHSA-2018_3092

SUSE-SU-2018:0451-1

SUSE-SU-2018:0565-1

USN-4218-1

USN-4416-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

PT-2017-3513 · Gnu+5 · Glibc+5

CVE-2018-6485

Weakness Enumeration

Related Identifiers

Affected Products

References · 154