Lucene search

[email protected]NVD:CVE-2018-6485

HistoryFeb 01, 2018 - 2:29 p.m.

CVE-2018-6485

2018-02-0114:29:00

CWE-190

CWE-787

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.005

Percentile

77.5%

JSON

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Affected configurations

Nvd

Node

gnuglibcRange≤2.26

Node

redhatvirtualization_hostMatch4.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_workstationMatch7.0

Node

oraclecommunications_session_border_controllerMatch8.0.0

oraclecommunications_session_border_controllerMatch8.1.0

oraclecommunications_session_border_controllerMatch8.2.0

oracleenterprise_communications_brokerMatch3.0.0

oracleenterprise_communications_brokerMatch3.1.0

Node

netappcloud_backupMatch-

netappdata_ontap_edgeMatch-

netappelement_softwareMatch-

netappelement_software_managementMatch-

netappsteelstore_cloud_integrated_storageMatch-

netappstorage_replication_adapterRange7.2≥

netappvasa_providerRange7.2≥clustered_data_ontap

netappvasa_providerMatch6.xclustered_data_ontap

netappvirtual_storage_consoleRange7.2≥vmware_vsphere

netappvirtual_storage_consoleMatch-

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
redhatvirtualization_host4.0cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_workstation7.0cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
oraclecommunications_session_border_controller8.0.0cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
oraclecommunications_session_border_controller8.1.0cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
oraclecommunications_session_border_controller8.2.0cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
oracleenterprise_communications_broker3.0.0cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
oracleenterprise_communications_broker3.1.0cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
redhat	virtualization_host	4.0	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
oracle	communications_session_border_controller	8.0.0	cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:::::::*
oracle	communications_session_border_controller	8.1.0	cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:::::::*
oracle	communications_session_border_controller	8.2.0	cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:::::::*
oracle	enterprise_communications_broker	3.0.0	cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:::::::*
oracle	enterprise_communications_broker	3.1.0	cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:::::::*