Fluid Attacks Database

Description

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	glibc	>=0 <2.27-1	2.27-1
debian 14	glibc	>=0 <2.27-1	2.27-1
debian 12	glibc	>=0 <2.27-1	2.27-1
debian 11	glibc	>=0 <2.27-1	2.27-1
rpm rhel7	glibc	<0:2.17-260.el7	0:2.17-260.el7
rpm rhel6	compat-glibc	-	-
rpm rhel5	glibc	-	-
rpm rhel7	compat-glibc	-	-
rpm rhel5	compat-glibc	-	-
rpm rhel6	glibc	-	-

Aliases

1. CVE-2018-64852. NVD-2018-64853. OSV-DEBIAN-2018-64854. OSV-2018-64855. SECURITY-TRACKER-CVE-2018-6485

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.