UBUNTU-CVE-2018-6551

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-6551

Published: 02 Feb 2018, 14:29

Last modified:16 Jul 2025, 07:38

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

3.0 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Feb 2018, 14:29

Published

Vulnerability first disclosed

16 Jul 2025, 07:38

Last Modified

Vulnerability information updated

Description

The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.

CVSS Metrics

v3.0•CRITICAL•Score: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

ubuntu•glibc
< 2.27-3ubuntu1

References (4)

https://ubuntu.com/security/CVE-2018-6551
https://sourceware.org/bugzilla/show_bug.cgi?id=22774
https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
https://www.cve.org/CVERecord?id=CVE-2018-6551