Vulnerability Description
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
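As an added illustration (this is not code from glibc or from this advisory), the following reimplements the size arithmetic on the glibc 2.26 tcache fast path beside the checked variant the fix uses. The macro values are those a 64-bit glibc build derives (SIZE_SZ 8, alignment 16, MINSIZE 32) and are assumed here; the request value SIZE_MAX - 10 is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 64-bit target; these mirror the values glibc's malloc.c derives
   there (SIZE_SZ 8, alignment 16, MINSIZE 32). */
#define SIZE_SZ           (sizeof(size_t))
#define MALLOC_ALIGNMENT  (2 * SIZE_SZ)
#define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1)
#define MINSIZE           (4 * SIZE_SZ)

/* Unchecked request -> chunk size, as glibc's request2size macro computes it.
   For a request near SIZE_MAX the addition wraps to a tiny value, and the
   "too small, use MINSIZE" branch turns the huge request into a 32-byte chunk. */
static size_t request2size(size_t req)
{
    size_t sum = req + SIZE_SZ + MALLOC_ALIGN_MASK;   /* wraps for huge req */
    return sum < MINSIZE ? MINSIZE : (sum & ~MALLOC_ALIGN_MASK);
}

/* glibc's REQUEST_OUT_OF_RANGE: any request that could wrap is rejected. */
static bool request_out_of_range(size_t req)
{
    return req >= (size_t)0 - 2 * MINSIZE;
}

/* Chunk size -> tcache bin index (glibc's csize2tidx). */
static size_t csize2tidx(size_t csize)
{
    return (csize - MINSIZE + MALLOC_ALIGNMENT - 1) / MALLOC_ALIGNMENT;
}

/* The glibc 2.26 tcache fast path: the bin index is computed straight from
   request2size() with no range check, so a near-SIZE_MAX request selects
   bin 0.  If that bin holds a cached chunk, malloc hands back 24 usable
   bytes and the caller's subsequent write overflows the heap. */
static size_t vulnerable_tcache_index(size_t req)
{
    size_t tbytes = request2size(req);
    return csize2tidx(tbytes);
}

/* The fixed behaviour: the range check runs before the size conversion, so
   the allocation fails (errno = ENOMEM, return NULL) instead of ever
   consulting the tcache.  Returns false when the request is rejected. */
static bool checked_request2size(size_t req, size_t *out)
{
    if (request_out_of_range(req))
        return false;
    if (out)
        *out = request2size(req);
    return true;
}

int main(void)
{
    size_t huge = SIZE_MAX - 10;      /* constructed near-SIZE_MAX request */
    size_t chunk;

    printf("request2size(SIZE_MAX-10) = %zu (MINSIZE is %zu)\n",
           request2size(huge), (size_t)MINSIZE);
    printf("2.26 tcache path would use bin %zu\n", vulnerable_tcache_index(huge));
    printf("checked path accepts it: %s\n",
           checked_request2size(huge, &chunk) ? "yes" : "no (ENOMEM)");
    return 0;
}
```

The point to take away is that the wrap happens inside the `req + SIZE_SZ + MALLOC_ALIGN_MASK` addition, and the fallback to MINSIZE then masks it as a legitimate smallest-chunk request; the non-tcache path in 2.26 already guarded this with the range check, and the fix simply applies the same guard before the tcache lookup.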
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | 2.26 |
Related Weaknesses (CWE)
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=22375 (Exploit, Issue Tracking)
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=34697694e8a93b325b18f25f7d (upstream fix commit)
FAQ
What is CVE-2017-17426?
CVE-2017-17426 is a vulnerability with a CVSS score of 8.1 (HIGH). The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
How severe is CVE-2017-17426?
CVE-2017-17426 has been rated HIGH with a CVSS base score of 8.1/10; only the base score is listed on this page. The practical impact is a heap buffer overflow in any process that passes a size close to SIZE_MAX to malloc on glibc 2.26 with tcache enabled, because the call returns a small chunk instead of failing. Whether a given application is exposed depends on whether an attacker can influence the size argument, for example through unchecked length arithmetic that wraps around.
Is there a patch for CVE-2017-17426?
Yes. The fix is the glibc commit linked in the references above, which adds the missing overflow check to the tcache allocation path so that an out-of-range request fails with ENOMEM and returns NULL instead of returning a too-small chunk. It shipped in glibc 2.27 and was backported to the 2.26 release branch, so distributions that ship 2.26 generally carry the fix as an update; check your distribution's advisory for the patched package version. The only affected product listed is Gnu Glibc 2.26.