CVE-2018-11236

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions glibc versions 2.27 and earlier

Description The issue is caused by an integer overflow in the mempcpy function of the glibc library, which provides system calls and basic functions. This overflow can occur when processing very long pathname arguments to the realpath function on 32-bit architectures, potentially leading to a stack-based buffer overflow and arbitrary code execution.

Recommendations For glibc versions 2.27 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of very long pathname arguments to the realpath function to minimize the risk of overflow. Avoid using the realpath function with untrusted input until the issue is resolved.

Exploit

Fix

Integer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-787

Related Identifiers

ALT-PU-2019-3114

BDU:2019-01773

BDU:2024-09951

CESA-2018_3092

CVE-2018-11236

MGASA-2018-0293

OPENSUSE-SU-2018_1600-1

OPENSUSE-SU-2018_2159-1

OPENSUSE-SU-2024:10792-1

RHSA-2018:3092

RHSA-2018_3092

SUSE-SU-2018:1562-1

SUSE-SU-2018:1562-2

SUSE-SU-2018:1991-1

SUSE-SU-2018:2185-1

SUSE-SU-2018:2187-1

SUSE-SU-2018:2302-1

SUSE-SU-2018_2302-1

USN-4416-1

USN-6762-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

CVE-2018-11236

Weakness Enumeration

Related Identifiers

Affected Products

References · 116