CVE-2017-18269 Information
Description
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers or result in a denial of service or possibly code execution.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/fingolfin/memmove-bug https://security.netapp.com/advisory/ntap-20190329-0001/ https://security.netapp.com/advisory/ntap-20190401-0001/ https://sourceware.org/bugzilla/show_bug.cgi?id=22644 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada https://usn.ubuntu.com/4416-1/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: