CVE-2018-6485

high-risk
Published 2018-02-01

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Element Software Management
Vasa Provider
Vasa Provider

Affected Vendors

Redhat Gnu Oracle Netapp

References (18)

Issue Tracking http://bugs.debian.org/878159
Third Party Advisory http://www.securityfocus.com/bid/102912
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327
Patch https://access.redhat.com/errata/RHSA-2018:3092
Third Party Advisory https://security.netapp.com/advisory/ntap-20190404-0003/
Issue Tracking https://sourceware.org/bugzilla/show_bug.cgi?id=22343
https://usn.ubuntu.com/4218-1/
https://usn.ubuntu.com/4416-1/
Patch https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Issue Tracking http://bugs.debian.org/878159
Third Party Advisory http://www.securityfocus.com/bid/102912
Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327
Patch https://access.redhat.com/errata/RHSA-2018:3092
Third Party Advisory https://security.netapp.com/advisory/ntap-20190404-0003/
Issue Tracking https://sourceware.org/bugzilla/show_bug.cgi?id=22343
https://usn.ubuntu.com/4218-1/
https://usn.ubuntu.com/4416-1/
Patch https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
55
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 20/34 · Moderate