The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-05T17:00:00Z

Updated: 2024-09-16T16:32:49.604Z

Reserved: 2017-12-05T00:00:00Z

Link: CVE-2017-17426

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-12-05T17:29:00.940

Modified: 2023-11-07T02:41:42.760

Link: CVE-2017-17426

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-10-31T00:00:00Z

Links: CVE-2017-17426 - Bugzilla