CVE-2017-18269: Buffer Overflow
First published: Fri May 18 2018(Updated: )
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU C Library (glibc) | >=2.21<=2.27 | |
| Linux Kernel | ||
| All of | ||
| GNU C Library (glibc) | >=2.21<=2.27 | |
| Linux Kernel | ||
| debian/glibc | 2.31-13+deb11u11 2.31-13+deb11u10 2.36-9+deb12u9 2.36-9+deb12u7 2.40-6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/fingolfin/memmove-bug
- https://security.netapp.com/advisory/ntap-20190329-0001/
- https://security.netapp.com/advisory/ntap-20190401-0001/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22644
- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
- https://usn.ubuntu.com/4416-1/
- https://launchpad.net/bugs/cve/CVE-2017-18269
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
- https://security-tracker.debian.org/tracker/CVE-2017-18269
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269
- https://nvd.nist.gov/vuln/detail/CVE-2017-18269
- https://ubuntu.com/security/CVE-2017-18269
Frequently Asked Questions
What is CVE-2017-18269?
CVE-2017-18269 is a vulnerability in the GNU C Library (glibc) that affects versions 2.21 through 2.27.
How severe is CVE-2017-18269?
CVE-2017-18269 has a severity score of 9.8, indicating it is a critical vulnerability.
What is the affected software of CVE-2017-18269?
The affected software of CVE-2017-18269 is glibc versions 2.21 through 2.27.
How do I fix CVE-2017-18269?
To fix CVE-2017-18269, you should update glibc to version 2.28 or higher.
Where can I find more information about CVE-2017-18269?
More information about CVE-2017-18269 can be found at the following references: [link1], [link2], [link3].
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- vendor/gnu
- canonical/gnu c library (glibc)
- version/gnu c library (glibc)/2.21
- version/gnu c library (glibc)/2.27
- vendor/linux
- canonical/linux kernel
- package-manager/debian