Integer overflow

2018-02-0114:29:00

PRIOn knowledge base

www.prio-n.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CPENameOperatorVersion
glibcle2.26
storage_replication_adapterge7.2
vasa_providerge7.2
vasa_providereq6.0.120
virtual_storage_consolege7.2
communications_session_border_controllereq8.1.0
communications_session_border_controllereq8.2.0
communications_session_border_controllereq8.0.0
enterprise_communications_brokereq3.0.0
enterprise_communications_brokereq3.1.0

Name	Operator	Version
glibc	le	2.26
storage_replication_adapter	ge	7.2
vasa_provider	ge	7.2
vasa_provider	eq	6.0.120
virtual_storage_console	ge	7.2
communications_session_border_controller	eq	8.1.0
communications_session_border_controller	eq	8.2.0
communications_session_border_controller	eq	8.0.0
enterprise_communications_broker	eq	3.0.0
enterprise_communications_broker	eq	3.1.0