CVE-2017-18269

Priority
Description
An SSE2-optimized memmove implementation for i386 in
sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library
(aka glibc or libc6) 2.21 through 2.27 does not correctly perform the
overlapping memory check if the source memory range spans the middle of the
address space, resulting in corrupt data being produced by the copy
operation. This may disclose information to context-dependent attackers, or
result in a denial of service, or, possibly, code execution.
Notes
sbeattieintroduced in glibc 2.21
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (pre 2.21)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (pre 2.21)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-07-28 20:01:07 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)