CVE-2018-6485
Summary
| CVE | CVE-2018-6485 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-02-01 14:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. |
Risk And Classification
Problem Types: CWE-787 | CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Glibc | All | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | Data Ontap Edge | - | All | All | All |
| Application | Netapp | Data Ontap Edge | - | All | All | All |
| Application | Netapp | Element Software | - | All | All | All |
| Application | Netapp | Element Software | - | All | All | All |
| Application | Netapp | Element Software Management | - | All | All | All |
| Application | Netapp | Element Software Management | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Application | Netapp | Storage Replication Adapter | All | All | All | All |
| Application | Netapp | Storage Replication Adapter | All | All | All | All |
| Application | Netapp | Vasa Provider | All | All | All | All |
| Application | Netapp | Vasa Provider | 6.x | All | All | All |
| Application | Netapp | Vasa Provider | All | All | All | All |
| Application | Netapp | Vasa Provider | 6.x | All | All | All |
| Application | Netapp | Virtual Storage Console | All | All | All | All |
| Application | Netapp | Virtual Storage Console | - | All | All | All |
| Application | Netapp | Virtual Storage Console | All | All | All | All |
| Application | Netapp | Virtual Storage Console | - | All | All | All |
| Application | Oracle | Communications Session Border Controller | 8.0.0 | All | All | All |
| Application | Oracle | Communications Session Border Controller | 8.1.0 | All | All | All |
| Application | Oracle | Communications Session Border Controller | 8.2.0 | All | All | All |
| Application | Oracle | Communications Session Border Controller | 8.0.0 | All | All | All |
| Application | Oracle | Communications Session Border Controller | 8.1.0 | All | All | All |
| Application | Oracle | Communications Session Border Controller | 8.2.0 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | 3.0.0 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | 3.1.0 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | 3.0.0 | All | All | All |
| Application | Oracle | Enterprise Communications Broker | 3.1.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Virtualization Host | 4.0 | All | All | All |
| Application | Redhat | Virtualization Host | 4.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Patch, Third Party Advisory |
| 22343 – (CVE-2018-6485) Integer overflow in posix_memalign (CVE-2018-6485) | CONFIRM | sourceware.org | Issue Tracking, Third Party Advisory |
| GNU C Library CVE-2018-6485 Multiple Integer Overflow Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| February 2018 GNU C Library Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| USN-4218-1: GNU C Library vulnerability | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| #878159 - glibc: CVE-2018-6485: Integer overflow in posix_memalign - Debian Bug report logs | CONFIRM | bugs.debian.org | Issue Tracking, Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| USN-4416-1: GNU C Library vulnerabilities | Ubuntu security notices | Ubuntu | UBUNTU | usn.ubuntu.com | |
| Oracle Critical Patch Update Advisory - April 2019 | MISC | www.oracle.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.