Unrated severity · NVD Advisory · Published Feb 2, 2018 · Updated Aug 5, 2024
CVE-2018-6551
Description
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
Affected products
15 versions (osv-coords):
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 (no CPE), range: < 2.11.3-17.110.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE), range: < 2.11.3-17.110.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE), range: < 2.11.3-17.110.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 2.11.3-17.110.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 2.11.3-17.110.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 2.11.3-17.110.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 (no CPE), range: < 2.22-62.6.2
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 (no CPE), range: < 2.22-62.6.2
Patches
No patches discovered yet.
References
- security.netapp.com/advisory/ntap-20190404-0003/ (mitre, x_refsource_CONFIRM)
- sourceware.org/bugzilla/show_bug.cgi (mitre, x_refsource_CONFIRM)
- sourceware.org/git/ (mitre, x_refsource_CONFIRM)