GNU glibc CVE-2018-11236 Stack Buffer Overflow Vulnerability

BID:104255

CVE-2018-11236 |

Info

GNU glibc CVE-2018-11236 Stack Buffer Overflow Vulnerability

Bugtraq ID: 104255
Class: Boundary Condition Error
CVE: CVE-2018-11236
Remote: Yes
Local: No
Published: May 18 2018 12:00AM
Updated: Apr 17 2019 05:00AM
Credit: The vendor reported this issue.
Vulnerable: Oracle Enterprise Session Border Controller 8.2
Oracle Enterprise Session Border Controller 8.1
Oracle Enterprise Session Border Controller 8.0
Oracle Enterprise Communications Broker 3.1
Oracle Enterprise Communications Broker 3.0
Oracle Communications Session Border Controller 8.2
Oracle Communications Session Border Controller 8.1
Oracle Communications Session Border Controller 8.0
GNU glibc 2.22.90
GNU glibc 2.12.2
GNU glibc 2.12.1
GNU glibc 2.11.2
GNU glibc 2.11.1
GNU glibc 2.10.1
GNU glibc 2.5
GNU glibc 2.3.10
+ Debian Linux 2.2
GNU glibc 2.3.4
GNU glibc 2.3.3
+ MandrakeSoft apcupsd 2006.0
 + Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ Redhat Fedora Core2
 GNU glibc 2.3.2
+ Redhat Linux 9.0 i386
 + Redhat Linux 8.0
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 GNU glibc 2.3.1
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ Slackware Linux 9.0
GNU glibc 2.3
GNU glibc 2.2.5
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Gentoo Linux 0.7
+ Gentoo Linux 0.5
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.3
+ Slackware Linux 8.1
GNU glibc 2.2.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Redhat Enterprise Linux AS 2.1 IA64
 + Redhat Enterprise Linux AS 2.1
 + Redhat Enterprise Linux ES 2.1 IA64
 + Redhat Enterprise Linux ES 2.1
 + Redhat Enterprise Linux WS 2.1 IA64
 + Redhat Enterprise Linux WS 2.1
 + Redhat Linux 7.2 i686
 + Redhat Linux 7.2 i386
 + Redhat Linux 7.1 ia64
 + Redhat Linux 7.1 i686
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alphaev6
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.0 alphaev6
 + Redhat Linux 7.0 i686
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Redhat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux Database Server 0
 + S.u.S.E. Linux Enterprise Server for S/390
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ SuSE Linux 8.0 i386
 + SuSE Linux 8.0
+ SuSE Linux 7.3 sparc
 + SuSE Linux 7.3 ppc
 + SuSE Linux 7.3 i386
 + SuSE Linux 7.3
+ SuSE SUSE Linux Enterprise Server 7
 GNU glibc 2.2.3
GNU glibc 2.2.2
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ SuSE Linux 7.2 i386
 + SuSE Linux 7.2
GNU glibc 2.2.1
GNU glibc 2.2
+ SuSE Linux 7.1 x86
 + SuSE Linux 7.1 sparc
 + SuSE Linux 7.1 ppc
 + SuSE Linux 7.1 alpha
 + SuSE Linux 7.1
+ Wirex Immunix OS 7+
 GNU glibc 2.1.9
GNU glibc 2.1.3
+ Debian Linux 2.2 sparc
 + Debian Linux 2.2 powerpc
 + Debian Linux 2.2 IA-32
 + Debian Linux 2.2 arm
 + Debian Linux 2.2 alpha
 + Debian Linux 2.2 68k
 + Debian Linux 2.2
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Openwall Openwall GNU/*/Linux 0.1 -stable
 + Redhat Linux 6.2 sparcv9
 + Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 + Redhat Linux 6.2
 + SuSE Linux 7.0 sparc
 + SuSE Linux 7.0 ppc
 + SuSE Linux 7.0 i386
 + SuSE Linux 7.0 alpha
 + SuSE Linux 7.0
+ SuSE Linux 6.4 ppc
 + SuSE Linux 6.4 i386
 + SuSE Linux 6.4 alpha
 + SuSE Linux 6.4
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.0 1
 GNU glibc 2.1.2
GNU glibc 2.1.1
GNU glibc 2.1
GNU glibc 2.0.6
GNU glibc 2.0.5
GNU glibc 2.0.4
GNU glibc 2.0.3
GNU glibc 2.0.2
GNU glibc 2.0.1
GNU glibc 2.0
GNU glibc 2.9
GNU glibc 2.8
GNU glibc 2.7
GNU glibc 2.6.1
GNU glibc 2.6
GNU glibc 2.5.1
GNU glibc 2.4
GNU glibc 2.3.6
GNU glibc 2.3.5
GNU glibc 2.26
GNU glibc 2.25
GNU glibc 2.24
GNU glibc 2.23
GNU glibc 2.22
GNU glibc 2.21
GNU glibc 2.20
GNU glibc 2.19
GNU glibc 2.18
GNU glibc 2.17
GNU glibc 2.16
GNU glibc 2.15
GNU glibc 2.14.1
GNU glibc 2.14
GNU glibc 2.13
GNU glibc 2.12
GNU glibc 2.11.3
GNU glibc 2.11
GNU glibc 2.10
GNU glibc 2.1.3.10
GNU Cfengine 1.2.3
Not Vulnerable: GNU glibc 2.27

Discussion

GNU glibc CVE-2018-11236 Stack Buffer Overflow Vulnerability

GNU glibc is prone to a stack-based buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits will result in denial-of-service condition.

Versions prior to glibc 2.27 are vulnerable.

Exploit / POC

GNU glibc CVE-2018-11236 Stack Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

GNU glibc CVE-2018-11236 Stack Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report