CVE-2017-18269

Priority
Description
An SSE2-optimized memmove implementation for i386 in
sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library
(aka glibc or libc6) 2.21 through 2.27 does not correctly perform the
overlapping memory check if the source memory range spans the middle of the
address space, resulting in corrupt data being produced by the copy
operation. This may disclose information to context-dependent attackers, or
result in a denial of service, or, possibly, code execution.
Notes
 sbeattie> introduced in glibv 2.21
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (pre 2.21)
Trusty/esm:not-affected (pre 2.21)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:released (2.28)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (2.28-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.28-0ubuntu1)
Ubuntu 19.10 (Eoan):not-affected (2.28-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
More Information

Updated: 2019-04-26 14:22:12 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)