Vulnerability Details : CVE-2017-18269
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-18269
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-18269
0.75%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-18269
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-18269
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-18269
-
https://security.netapp.com/advisory/ntap-20190401-0001/
May 2018 GNU C Library Vulnerabilities in NetApp Products | NetApp Product Security
-
https://sourceware.org/bugzilla/show_bug.cgi?id=22644
22644 – (CVE-2017-18269) memmove-sse2-unaligned on 32bit x86 produces garbage when crossing 2GB threshold (CVE-2017-18269)Issue Tracking
-
https://security.netapp.com/advisory/ntap-20190329-0001/
NetApp Product Security
-
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
sourceware.org Git - glibc.git/commitPatch
-
https://usn.ubuntu.com/4416-1/
USN-4416-1: GNU C Library vulnerabilities | Ubuntu security notices | Ubuntu
-
https://github.com/fingolfin/memmove-bug
GitHub - fingolfin/memmove-bug: Reproducing a bug in GNU libc's memmoveThird Party Advisory
Jump to