Search for vulnerabilities
Vulnerability details: VCID-b2pc-cqxh-aaap
Vulnerability ID VCID-b2pc-cqxh-aaap
Aliases CVE-2017-17426
Summary The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17426.html
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17426.json
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00358 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
epss 0.01194 https://api.first.org/data/v1/epss?cve=CVE-2017-17426
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1524530
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-17426
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2017-17426
generic_textual Medium https://sourceware.org/bugzilla/show_bug.cgi?id=22375
generic_textual Medium https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
generic_textual High https://ubuntu.com/security/notices/USN-3534-1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17426.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17426.json
https://api.first.org/data/v1/epss?cve=CVE-2017-17426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426
https://sourceware.org/bugzilla/show_bug.cgi?id=22375
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=34697694e8a93b325b18f25f7dcded55d6baeaf6
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
https://ubuntu.com/security/notices/USN-3534-1
1524530 https://bugzilla.redhat.com/show_bug.cgi?id=1524530
cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:*:*
CVE-2017-17426 https://nvd.nist.gov/vuln/detail/CVE-2017-17426
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17426.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17426
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17426
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.59134
EPSS Score 0.00207
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.