Vulnerability Description
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | >= 2.24, <= 2.26 |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20190404-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22774Issue TrackingMailing ListThird Party Advisory
- https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8e448310d74b283c5cd02b9ed
- https://security.netapp.com/advisory/ntap-20190404-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=22774Issue TrackingMailing ListThird Party Advisory
- https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=8e448310d74b283c5cd02b9ed
FAQ
What is CVE-2018-6551?
CVE-2018-6551 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close t...
How severe is CVE-2018-6551?
CVE-2018-6551 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-6551?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc.