CVE-2018-17942
- Source
- https://cve.org/CVERecord?id=CVE-2018-17942
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17942.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-17942
- Downstream
- Published
- 2018-10-03T08:29:00.430Z
- Modified
- 2026-06-18T04:04:26.497948062Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The converttodecimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
- Database specific
{ "unresolved_ranges": [ { "vendor_product": "gnu:gnulib", "extracted_events": [ { "fixed": "2018-09-23" } ], "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:gnu:gnulib:*:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "fixed": "2018-09-23" } ], "source": "DESCRIPTION" } ] }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGHTVYH3KAFN34QXNSGEQDSTV7MCOQW/
- https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
- https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html
- https://savannah.gnu.org/bugs/?func=detailitem&item_id=54686
Affected packages
Git / github.com/coreutils/gnulib
Affected versions
Other
CPPI-1_10
CPPI-1_8
CPPI-1_9
EMACS_20_2
EMACS_20_4
EMACS_21_1
EMACS_PRETEST_21_0_103
EMACS_PRETEST_21_0_95
FILEUTILS-3_12a
FILEUTILS-3_12f
FILEUTILS-3_12g
FILEUTILS-3_12j
FILEUTILS-3_12l
FILEUTILS-3_12m
FILEUTILS-3_12r
FILEUTILS-3_12s
FILEUTILS-3_13
FILEUTILS-3_13c
FILEUTILS-3_13f
FILEUTILS-3_13g
FILEUTILS-3_13h
FILEUTILS-3_13j
FILEUTILS-3_13k
FILEUTILS-3_14b
FILEUTILS-3_16g
FILEUTILS-3_16h
FILEUTILS-3_16i
FILEUTILS-3_16j
FILEUTILS-3_16k
FILEUTILS-3_16l
FILEUTILS-3_16m
FILEUTILS-3_16n
FILEUTILS-3_16p
FILEUTILS-3_16q
FILEUTILS-3_16r
FILEUTILS-3_16s
FILEUTILS-3_16t
FILEUTILS-3_16u
FILEUTILS-3_16v
FILEUTILS-3_16w
FILEUTILS-3_16x
FILEUTILS-3_16z
FILEUTILS-3_8_3b
FILEUTILS-4_0
FILEUTILS-4_0-b2
FILEUTILS-4_0-b3
FILEUTILS-4_0-b4
FILEUTILS-4_0-b6
FILEUTILS-4_0-b7
FILEUTILS-4_0-pre1
FILEUTILS-4_0_27
FILEUTILS-4_0_28
FILEUTILS-4_0_29
FILEUTILS-4_0_30
FILEUTILS-4_0_31
FILEUTILS-4_0_32
FILEUTILS-4_0_33
FILEUTILS-4_0_34
FILEUTILS-4_0_35
FILEUTILS-4_0_36
FILEUTILS-4_0_37
FILEUTILS-4_0_38
FILEUTILS-4_0_39
FILEUTILS-4_0_41
FILEUTILS-4_0_42
FILEUTILS-4_0_43
FILEUTILS-4_0_45
FILEUTILS-4_0e
FILEUTILS-4_0f
FILEUTILS-4_0g
FILEUTILS-4_0i
FILEUTILS-4_0j-trial
FILEUTILS-4_0k
FILEUTILS-4_0l
FILEUTILS-4_0m
FILEUTILS-4_0q
FILEUTILS-4_0r
FILEUTILS-4_0s
FILEUTILS-4_0t
FILEUTILS-4_0u
FILEUTILS-4_0v
FILEUTILS-4_0w
FILEUTILS-4_0x
FILEUTILS-4_0y
FILEUTILS-4_0z
FILEUTILS-4_1-b1
FILEUTILS-4_1-b2
FILEUTILS-4_1-b3
FILEUTILS-4_1_1
FILEUTILS-4_1_2
FILEUTILS-4_1_3
FILEUTILS-4_1_4
FILEUTILS-4_1_5
FILEUTILS-4_1_6
FILEUTILS-4_1_7
FILEUTILS-4_1_8
FILEUTILS-4_1_9
RMAIL-MBOX-BASE
SH-UTILS-1_12a
SH-UTILS-1_12d
SH-UTILS-1_12f
SH-UTILS-1_12g
SH-UTILS-1_12o
SH-UTILS-1_12p
SH-UTILS-1_12r
SH-UTILS-1_12t
SH-UTILS-1_14
SH-UTILS-1_15
SH-UTILS-1_15a
SH-UTILS-1_16
SH-UTILS-1_16a
SH-UTILS-1_16b
SH-UTILS-1_16c
SH-UTILS-1_16d
SH-UTILS-1_16f
SH-UTILS-1_16h
SH-UTILS-1_16k
SH-UTILS-1_16m
SH-UTILS-2_0
SH-UTILS-2_0_11
SH-UTILS-2_0_12
SH-UTILS-2_0a
SH-UTILS-2_0b
SH-UTILS-2_0c
SH-UTILS-2_0d
SH-UTILS-2_0e
SH-UTILS-2_0f
SH-UTILS-2_0g
SH-UTILS-2_0h
SH-UTILS-2_0i
SH-UTILS-2_0j
TEXTUTILS-1_13
TEXTUTILS-1_13g
TEXTUTILS-1_13i
TEXTUTILS-1_13j
TEXTUTILS-1_14
TEXTUTILS-1_14a
TEXTUTILS-1_14b
TEXTUTILS-1_14c
TEXTUTILS-1_14d
TEXTUTILS-1_18
TEXTUTILS-1_18e
TEXTUTILS-1_19d
TEXTUTILS-1_19g
TEXTUTILS-1_19m
TEXTUTILS-1_19n
TEXTUTILS-1_19o
TEXTUTILS-1_19q
TEXTUTILS-1_19r
TEXTUTILS-1_20a
TEXTUTILS-1_20b
TEXTUTILS-1_21a
TEXTUTILS-1_22a
TEXTUTILS-1_22c
TEXTUTILS-1_22d
TEXTUTILS-1_22f
TEXTUTILS-1_22g
TEXTUTILS-1_22h
TEXTUTILS-1_22i
TEXTUTILS-1_22j
TEXTUTILS-1_22k
TEXTUTILS-1_22l
TEXTUTILS-1_22m
TEXTUTILS-1_22n
TEXTUTILS-1_22o
TEXTUTILS-1_22p
TEXTUTILS-1_22q
TEXTUTILS-1_8b
TEXTUTILS-2_0
TEXTUTILS-2_0_10
TEXTUTILS-2_0_12
TEXTUTILS-2_0_15
TEXTUTILS-2_0_16
TEXTUTILS-2_0_17
TEXTUTILS-2_0_18
TEXTUTILS-2_0_19
TEXTUTILS-2_0_20
TEXTUTILS-2_0_21
TEXTUTILS-2_0_8
TEXTUTILS-2_0_9
TEXTUTILS-2_0a
TEXTUTILS-2_0c
TEXTUTILS-2_0e
TEXTUTILS-2_0f
TEXTUTILS-2_0g
ctype-fix
cvs-readonly
emacs-unicode-base
kfs_20030524_pre
lexbind-before-merge-20030404
merge-with-1_9_4k
post-jumbo-LFS
pre-getopt
pre-jumbo-LFS
pre-version
raeburn-tag-4-for-export
ss-940725-22h45
ss-950520-08h12-sync-tu
ss-950614-22h58-1_11_5a
textutils-1_12_1
version-3_4_2-to-fsf
version-3_4_4-tentative
v0.*
v0.0
v0.1