CVE-2017-18269

Priority
Description
An SSE2-optimized memmove implementation for i386 in
sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library
(aka glibc or libc6) 2.21 through 2.27 does not correctly perform the
overlapping memory check if the source memory range spans the middle of the
address space, resulting in corrupt data being produced by the copy
operation. This may disclose information to context-dependent attackers, or
result in a denial of service, or, possibly, code execution.
Notes
sbeattieintroduced in glibc 2.21
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (pre 2.21)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (pre 2.21)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2019-12-05 19:47:13 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)