CVE-2017-18269
CVE-2017-18269 is a vulnerability of currently unknown severity. An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. EPSS estimates a 4.83% chance of exploitation in the next 30 days.
Description
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| GNU | glibc | >= 2.21, <= 2.27 |
References
- https://github.com/fingolfin/memmove-bug (Third Party Advisory)
- https://sourceware.org/bugzilla/show_bug.cgi?id=22644 (Issue Tracking)
Timeline
- Status: Modified
Source: NVD / NIST
