1581269 – (CVE-2018-11236) CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow

Bug 1581269 (CVE-2018-11236) - CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow

Summary: CVE-2018-11236 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit arc...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-11236
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1579742 1581270 1581271 1581881 1581882 1582343 1582344 1849766
Blocks:	1581279
TreeView+	depends on / blocked

Reported:	2018-05-22 12:49 UTC by Andrej Nemec
Modified:	2024-03-25 15:04 UTC (History)
CC List:	20 users (show)
Fixed In Version:	glibc 2.28
Clone Of:
Environment:
Last Closed:	2019-06-10 10:26:11 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:3092	0	None	None	None	2018-10-30 07:36:29 UTC
Sourceware	22786	0	P2	RESOLVED	Stack buffer overflow in realpath() if input size is close to SSIZE_MAX (CVE-2018-11236)	2021-02-05 11:08:48 UTC

Description Andrej Nemec 2018-05-22 12:49:42 UTC

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Upstream issue:

https://sourceware.org/bugzilla/show_bug.cgi?id=22786

Upstream patch:

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2

Product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1579742

Comment 1 Andrej Nemec 2018-05-22 12:50:29 UTC

Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 1581270]

Comment 9 errata-xmlrpc 2018-10-30 07:36:19 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3092 https://access.redhat.com/errata/RHSA-2018:3092

Comment 10 Marian Rehak 2019-06-14 10:17:56 UTC

Statement:

Red Hat Product Security has rated this issue as having moderate security impact and a future update may address this flaw.

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
alanm
aoliva
arjun.is
ashankar
codonell
dbaker
dj
fweimer
glibc-bugzilla
jokerman
law
mfabian
mnewsome
pfrankli
rth
siddhesh
sthangav
trankin
yozone