CVE-2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
gnuglibc
𝑥
≤ 2.27
redhatvirtualization_host
4.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
oraclecommunications_session_border_controller
8.0.0
oraclecommunications_session_border_controller
8.1.0
oraclecommunications_session_border_controller
8.2.0
oracleenterprise_communications_broker
3.0.0
oracleenterprise_communications_broker
3.1.0
netappdata_ontap_edge
-
netappelement_software_management
-
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
focal
dne
eoan
dne
disco
dne
cosmic
dne
bionic
dne
artful
dne
xenial
dne
trusty
not-affected
glibc
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
Fixed 2.27-3ubuntu1.2
released
artful
ignored
xenial
Fixed 2.23-0ubuntu11.2
released
trusty
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104256
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3092
https://security.netapp.com/advisory/ntap-20190329-0001/
https://security.netapp.com/advisory/ntap-20190401-0001/
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
https://usn.ubuntu.com/4416-1/
https://www.exploit-db.com/exploits/44750/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securityfocus.com/bid/104256
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2018:3092
https://security.netapp.com/advisory/ntap-20190329-0001/
https://security.netapp.com/advisory/ntap-20190401-0001/
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
https://usn.ubuntu.com/4416-1/
https://www.exploit-db.com/exploits/44750/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html