CVE-2018-11236

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software_management:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:51

Type Values Removed Values Added
References
  • {'url': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2', 'name': 'https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2', 'tags': ['Patch', 'Release Notes', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5460617d1567657621107d895ee2dd83bc1f88f2 -

Information

Published : 2018-05-18 16:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-11236

Mitre link : CVE-2018-11236

CVE.ORG link : CVE-2018-11236


JSON object : View

Products Affected

gnu

  • glibc

oracle

  • communications_session_border_controller
  • enterprise_communications_broker

redhat

  • virtualization_host
  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_workstation

netapp

  • data_ontap_edge
  • element_software_management
CWE
CWE-190

Integer Overflow or Wraparound

CWE-787

Out-of-bounds Write