{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-09T19:06:08.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/fingolfin/memmove-bug"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190329-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190401-0001/"}, {"name": "USN-4416-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4416-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18269", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada", "refsource": "MISC", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada"}, {"name": "https://github.com/fingolfin/memmove-bug", "refsource": "MISC", "url": "https://github.com/fingolfin/memmove-bug"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644"}, {"name": "https://security.netapp.com/advisory/ntap-20190329-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190329-0001/"}, {"name": "https://security.netapp.com/advisory/ntap-20190401-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190401-0001/"}, {"name": "USN-4416-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4416-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:49.212Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/fingolfin/memmove-bug"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190329-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190401-0001/"}, {"name": "USN-4416-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4416-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18269", "datePublished": "2018-05-18T16:00:00.000Z", "dateReserved": "2018-05-18T00:00:00.000Z", "dateUpdated": "2024-08-05T21:13:49.212Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE48C40-C85D-4EFE-8343-E8F54BE9AC27", "versionEndIncluding": "2.27", "versionStartIncluding": "2.21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution."}, {"lang": "es", "value": "Una implementaci\u00f3n memmove optimizada para SSE2 para i386 en sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S en GNU C Library (tambi\u00e9n conocida como glibc o libc6), desde la versi\u00f3n 2.21 hasta la 2.27 no realiza correctamente la comprobaci\u00f3n de solapamiento de memoria si el rango de memoria de origen se extiende por el medio del espacio de memoria. Esto resulta en que se produzcan datos corruptos en la operaci\u00f3n de copia. Esto podr\u00eda revelar informaci\u00f3n a atacantes que dependen del contexto o resultar en una denegaci\u00f3n de servicio (DoS) o una posible ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2017-18269", "lastModified": "2024-11-21T03:19:43.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-18T16:29:00.227", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/fingolfin/memmove-bug"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190329-0001/"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190401-0001/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4416-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/fingolfin/memmove-bug"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20190329-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20190401-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22644"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=cd66c0e584c6d692bc8347b5e72723d02b8a8ada"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4416-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "glibc: memory corruption in memcpy-sse2-unaligned.S", "id": "1580924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580924"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution."], "name": "CVE-2017-18269", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2017-12-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-18269\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18269"], "statement": "This issue did not affect the versions of glibc and compat-glibc as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.", "threat_severity": "Moderate"}

{}