Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18269

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

Published

2018-05-18T16:29:00.227

Last Modified

2024-11-21T03:19:43.920

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	glibc	≤ 2.27	Yes
Operating System	linux	linux_kernel	-	No

References

https://github.com/fingolfin/memmove-bug Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20190329-0001/ ([email protected])
https://security.netapp.com/advisory/ntap-20190401-0001/ ([email protected])
https://sourceware.org/bugzilla/show_bug.cgi?id=22644 Issue Tracking ([email protected])
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada ([email protected])
https://usn.ubuntu.com/4416-1/ ([email protected])
https://github.com/fingolfin/memmove-bug Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190329-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190401-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/bugzilla/show_bug.cgi?id=22644 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4416-1/ (af854a3a-2127-422b-91ae-364da2661108)