Lucene search

MitreCVE-2018-11237

HistoryMay 18, 2018 - 4:29 p.m.

CVE-2018-11237

2018-05-1816:29:00

CWE-787

mitre

web.nvd.nist.gov

145

avx-512

mempcpy

glibc

libc6

buffer overflow

vulnerability

cve-2018-11237

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Affected configurations

Nvd

Node

gnuglibcRange≤2.27

Node

redhatvirtualization_hostMatch4.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

oraclecommunications_session_border_controllerMatch8.0.0

oraclecommunications_session_border_controllerMatch8.1.0

oraclecommunications_session_border_controllerMatch8.2.0

oracleenterprise_communications_brokerMatch3.0.0

oracleenterprise_communications_brokerMatch3.1.0

Node

netappdata_ontap_edgeMatch-

netappelement_software_managementMatch-

Node

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.10

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
redhatvirtualization_host4.0cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
oraclecommunications_session_border_controller8.0.0cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
oraclecommunications_session_border_controller8.1.0cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
oraclecommunications_session_border_controller8.2.0cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
oracleenterprise_communications_broker3.0.0cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
oracleenterprise_communications_broker3.1.0cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
redhat	virtualization_host	4.0	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
oracle	communications_session_border_controller	8.0.0	cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:::::::*
oracle	communications_session_border_controller	8.1.0	cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:::::::*
oracle	communications_session_border_controller	8.2.0	cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:::::::*
oracle	enterprise_communications_broker	3.0.0	cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:::::::*
oracle	enterprise_communications_broker	3.1.0	cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:::::::*