Wind River Support Network

HomeDefectsLIN10-2780

Fixed

LIN10-2780 : Security Advisory - glibc - CVE-2017-17426

Created: Dec 13, 2017 Updated: Sep 13, 2022

Resolved Date: Jul 10, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.9

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Toolchain

Description

The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.

https://nvd.nist.gov/vuln/detail/CVE-2017-17426

Other Downloads

Wind River Linux LTS 10.17.41.9
Wind River Linux LTS 10.17.41.10
Wind River Linux LTS 10.17.41.11
Wind River Linux LTS 10.17.41.12
Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2017-17426