303 matches found
CVE-2018-20404
ETKE900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to a denial-of-service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary uncontrollable address, resulting in an eternal hang or a BSoD...
CVE-2018-19416
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf...
DEBIAN-CVE-2018-19416
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf...
Design/Logic Flaw
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf...
Heap overflow
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx->l2len can be larger than source value packet +...
CVE-2018-17974
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx->l2len can be larger than source value packet +...
UBUNTU-CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; }...
DEBIAN-CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; }...
CVE-2018-14780
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function _ykpiv_fetch_object(): if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; }...
Medium: glibc
Issue Overview: stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary...
Security update for glibc (important)
This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non...
SUSE-SU-2018:1562-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don't write beyond buffer destination in __mempcpy_avx512_no_vzeroupper (bsc#1094154) Non...
Fedora 27 : glibc (2018-9c88c32d15)
This update contains various updates from the upstream glibc 2.26 release branch, including minor fixes for the realpath function and the i386 memmove implementation. Starting with this update, glibc will no longer re-exec systemd during glibc updates (RHBZ#1579225). Note that Tenable Network...
GNU glibc < 2.27 - Local Buffer Overflow
GNU glibc Vendor Homepage: http://www.gnu.org/ CVE: CVE-2018-11237 POC: $ cat mempcpy.c define GNUSOURCE 1 include include define N 97699 char aN; char bN+128; int main void memset a, 'x', N; char c = mempcpy b, a, N; assert c == 0; $ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy $ ./mempcpy...
GNU C Library Denial of Service Vulnerability (CNVD-2018-09998)
The GNU C Library a.k.a. glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in the 'memmove' function in the GNU C Library versions 2.21 through 2.27, which stems from the failure of the...
Code injection
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library aka glibc or libc6 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in...