ALAS2-2018-1048 --- glibcID: oval:org.secpod.oval:def:1700062 | Date: (C)2018-07-26 (M)2023-12-20 |
Class: PATCH | Family: unix |
stdlib/canonicalize.c in the GNU C Library 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.The GNU C Library before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. The glob function in glob.c in the GNU C Library before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.