CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Published: 2018-05-18 16:29
Updated: 2019-04-25 18:44

CVSS Score: 4.6 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Gnu | Glibc | 2.27 | cpe:/a:gnu:glibc:2.27 |
| Redhat | Virtualization Host | 4.0 | cpe:/a:redhat:virtualization_host:4.0 |
| Redhat | Enterprise Linux Desktop | 7.0 | cpe:/o:redhat:enterprise_linux_desktop:7.0 |
| Redhat | Enterprise Linux Server | 7.0 | cpe:/o:redhat:enterprise_linux_server:7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 | cpe:/o:redhat:enterprise_linux_workstation:7.0 |
| Netapp | Data Ontap Edge | - | cpe:/a:netapp:data_ontap_edge:- |
| Netapp | Element Software Management | - | cpe:/a:netapp:element_software_management:- |
| Oracle | Communications Session Boarder Controller | 8.0.0 | cpe:/a:oracle:communications_session_boarder_controller:8.0.0 |
| Oracle | Communications Session Boarder Controller | 8.1.0 | cpe:/a:oracle:communications_session_boarder_controller:8.1.0 |
| Oracle | Communications Session Boarder Controller | 8.2.0 | cpe:/a:oracle:communications_session_boarder_controller:8.2.0 |
| Oracle | Enterprise Communications Broker | 3.0.0 | cpe:/a:oracle:enterprise_communications_broker:3.0.0 |
| Oracle | Enterprise Communications Broker | 3.1.0 | cpe:/a:oracle:enterprise_communications_broker:3.1.0 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

Date Event
2019-04-25 18:44
2019-04-24 06:29
2019-04-23 19:31
2019-03-21 15:24
2018-10-31 10:30
2018-06-20 14:33
2018-05-27 01:29
2018-05-25 01:29
2018-05-18 16:29 New CVE