CVE-2018-6485

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Published : 2018-02-01 14:29 Updated : 2019-04-26 12:42

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Redhat Virtualization Host 4.0 cpe:/a:redhat:virtualization_host:4.0
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Netapp Cloud Backup - cpe:/a:netapp:cloud_backup:-
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
Netapp Element Software - cpe:/a:netapp:element_software:-
Netapp Element Software Management - cpe:/a:netapp:element_software_management:-
Netapp Steelstore Cloud Integrated Storage - cpe:/a:netapp:steelstore_cloud_integrated_storage:-
Netapp Vasa Provider 6.x cpe:/a:netapp:vasa_provider:6.x::~~~clustered_data_ontap~~
Netapp Virtual Storage Console - cpe:/a:netapp:virtual_storage_console:-
Oracle Communications Session Border Controller 8.0.0 cpe:/a:oracle:communications_session_border_controller:8.0.0
Oracle Communications Session Border Controller 8.1.0 cpe:/a:oracle:communications_session_border_controller:8.1.0
Oracle Communications Session Border Controller 8.2.0 cpe:/a:oracle:communications_session_border_controller:8.2.0
Oracle Enterprise Communications Broker 3.0.0 cpe:/a:oracle:enterprise_communications_broker:3.0.0
Oracle Enterprise Communications Broker 3.1.0 cpe:/a:oracle:enterprise_communications_broker:3.1.0
Gnu Glibc 2.26 cpe:/a:gnu:glibc:2.26
  1. Gnu (1) Search CVE
    1. Glibc (1) Search CVE
      1. 2.26
  2. Redhat (4) Search CVE
    1. Enterprise Linux Desktop (1) Search CVE
      1. 7.0
    2. Enterprise Linux Server (1) Search CVE
      1. 7.0
    3. Enterprise Linux Workstation (1) Search CVE
      1. 7.0
    4. Virtualization Host (1) Search CVE
      1. 4.0
  3. Netapp (7) Search CVE
    1. Element Software Management (1) Search CVE
      1. -
    2. Vasa Provider (1) Search CVE
      1. 6.x
    3. Element Software (1) Search CVE
      1. -
    4. Virtual Storage Console (1) Search CVE
      1. -
    5. Cloud Backup (1) Search CVE
      1. -
    6. Data Ontap Edge (1) Search CVE
      1. -
    7. Steelstore Cloud Integrated Storage (1) Search CVE
      1. -
  4. Oracle (2) Search CVE
    1. Enterprise Communications Broker (2) Search CVE
      1. 3.0.0
      2. 3.1.0
    2. Communications Session Border Controller (3) Search CVE
      1. 8.0.0
      2. 8.1.0
      3. 8.2.0

CWE

ID Name Description Links
CWE-190 Integer Overflow or Wraparound The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. CVE

History of changes

Date Event
2019-04-26 12:42
2019-04-24 06:29
2019-04-23 19:32
2019-03-20 15:13
2018-10-31 10:32
2018-02-22 14:54
2018-02-07 02:29
2018-02-01 14:29

New CVE