7.8
CVE-2018-11237
- EPSS 0.59%
- Published 18.05.2018 16:29:00
- Last modified 21.11.2024 03:42:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Oracle ≫ Communications Session Border Controller Version8.0.0
Oracle ≫ Communications Session Border Controller Version8.1.0
Oracle ≫ Communications Session Border Controller Version8.2.0
Oracle ≫ Enterprise Communications Broker Version3.0.0
Oracle ≫ Enterprise Communications Broker Version3.1.0
Netapp ≫ Data Ontap Edge Version-
Netapp ≫ Element Software Management Version-
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.682 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.