CVE-2018-11236

Impact:
Moderate
Public Date:
2018-02-04
Bugzilla:
1581269: CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow

The MITRE CVE dictionary describes this issue as:

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Find out more about CVE-2018-11236 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat Product Security has rated this issue as having a security impact of Moderate, and a future update may address this flaw.

CVSS v3 metrics

CVSS3 Base Score 7.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (glibc) RHSA-2018:3092 2018-10-30

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 glibc Will not fix
Red Hat Enterprise Linux 7 compat-glibc Not affected
Red Hat Enterprise Linux 6 glibc Will not fix
Red Hat Enterprise Linux 6 compat-glibc Not affected
Red Hat Enterprise Linux 5 compat-glibc Not affected
Red Hat Enterprise Linux 5 glibc Will not fix
Last Modified

CVE description copyright © 2017, The MITRE Corporation