CVE-2018-17942
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-17942
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-17942.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-17942
- Downstream
- Related
- Published
- 2018-10-03T08:29:00.430Z
- Modified
- 2025-11-14T08:07:15.693534Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The converttodecimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGHTVYH3KAFN34QXNSGEQDSTV7MCOQW/
- https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
- https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html
- https://savannah.gnu.org/bugs/?func=detailitem&item_id=54686
Affected packages
Git / github.com/coreutils/gnulib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/coreutils/gnulib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
CPPI-1_10
CPPI-1_8
CPPI-1_9
EMACS_20_2
EMACS_20_4
EMACS_21_1
EMACS_PRETEST_21_0_103
EMACS_PRETEST_21_0_95
FILEUTILS-3_12a
FILEUTILS-3_12f
FILEUTILS-3_12g
FILEUTILS-3_12j
FILEUTILS-3_12l
FILEUTILS-3_12m
FILEUTILS-3_12r
FILEUTILS-3_12s
FILEUTILS-3_13
FILEUTILS-3_13c
FILEUTILS-3_13f
FILEUTILS-3_13g
FILEUTILS-3_13h
FILEUTILS-3_13j
FILEUTILS-3_13k
FILEUTILS-3_14b
FILEUTILS-3_16g
FILEUTILS-3_16h
FILEUTILS-3_16i
FILEUTILS-3_16j
FILEUTILS-3_16k
FILEUTILS-3_16l
FILEUTILS-3_16m
FILEUTILS-3_16n
FILEUTILS-3_16p
FILEUTILS-3_16q
FILEUTILS-3_16r
FILEUTILS-3_16s
FILEUTILS-3_16t
FILEUTILS-3_16u
FILEUTILS-3_16v
FILEUTILS-3_16w
FILEUTILS-3_16x
FILEUTILS-3_16z
FILEUTILS-3_8_3b
FILEUTILS-4_0
FILEUTILS-4_0-b2
FILEUTILS-4_0-b3
FILEUTILS-4_0-b4
FILEUTILS-4_0-b6
FILEUTILS-4_0-b7
FILEUTILS-4_0-pre1
FILEUTILS-4_0_27
FILEUTILS-4_0_28
FILEUTILS-4_0_29
FILEUTILS-4_0_30
FILEUTILS-4_0_31
FILEUTILS-4_0_32
FILEUTILS-4_0_33
FILEUTILS-4_0_34
FILEUTILS-4_0_35
FILEUTILS-4_0_36
FILEUTILS-4_0_37
FILEUTILS-4_0_38
FILEUTILS-4_0_39
FILEUTILS-4_0_41
FILEUTILS-4_0_42
FILEUTILS-4_0_43
FILEUTILS-4_0_45
FILEUTILS-4_0e
FILEUTILS-4_0f
FILEUTILS-4_0g
FILEUTILS-4_0i
FILEUTILS-4_0j-trial
FILEUTILS-4_0k
FILEUTILS-4_0l
FILEUTILS-4_0m
FILEUTILS-4_0q
FILEUTILS-4_0r
FILEUTILS-4_0s
FILEUTILS-4_0t
FILEUTILS-4_0u
FILEUTILS-4_0v
FILEUTILS-4_0w
FILEUTILS-4_0x
FILEUTILS-4_0y
FILEUTILS-4_0z
FILEUTILS-4_1-b1
FILEUTILS-4_1-b2
FILEUTILS-4_1-b3
FILEUTILS-4_1_1
FILEUTILS-4_1_2
FILEUTILS-4_1_3
FILEUTILS-4_1_4
FILEUTILS-4_1_5
FILEUTILS-4_1_6
FILEUTILS-4_1_7
FILEUTILS-4_1_8
FILEUTILS-4_1_9
RMAIL-MBOX-BASE
SH-UTILS-1_12a
SH-UTILS-1_12d
SH-UTILS-1_12f
SH-UTILS-1_12g
SH-UTILS-1_12o
SH-UTILS-1_12p
SH-UTILS-1_12r
SH-UTILS-1_12t
SH-UTILS-1_14
SH-UTILS-1_15
SH-UTILS-1_15a
SH-UTILS-1_16
SH-UTILS-1_16a
SH-UTILS-1_16b
SH-UTILS-1_16c
SH-UTILS-1_16d
SH-UTILS-1_16f
SH-UTILS-1_16h
SH-UTILS-1_16k
SH-UTILS-1_16m
SH-UTILS-2_0
SH-UTILS-2_0_11
SH-UTILS-2_0_12
SH-UTILS-2_0a
SH-UTILS-2_0b
SH-UTILS-2_0c
SH-UTILS-2_0d
SH-UTILS-2_0e
SH-UTILS-2_0f
SH-UTILS-2_0g
SH-UTILS-2_0h
SH-UTILS-2_0i
SH-UTILS-2_0j
TEXTUTILS-1_13
TEXTUTILS-1_13g
TEXTUTILS-1_13i
TEXTUTILS-1_13j
TEXTUTILS-1_14
TEXTUTILS-1_14a
TEXTUTILS-1_14b
TEXTUTILS-1_14c
TEXTUTILS-1_14d
TEXTUTILS-1_18
TEXTUTILS-1_18e
TEXTUTILS-1_19d
TEXTUTILS-1_19g
TEXTUTILS-1_19m
TEXTUTILS-1_19n
TEXTUTILS-1_19o
TEXTUTILS-1_19q
TEXTUTILS-1_19r
TEXTUTILS-1_20a
TEXTUTILS-1_20b
TEXTUTILS-1_21a
TEXTUTILS-1_22a
TEXTUTILS-1_22c
TEXTUTILS-1_22d
TEXTUTILS-1_22f
TEXTUTILS-1_22g
TEXTUTILS-1_22h
TEXTUTILS-1_22i
TEXTUTILS-1_22j
TEXTUTILS-1_22k
TEXTUTILS-1_22l
TEXTUTILS-1_22m
TEXTUTILS-1_22n
TEXTUTILS-1_22o
TEXTUTILS-1_22p
TEXTUTILS-1_22q
TEXTUTILS-1_8b
TEXTUTILS-2_0
TEXTUTILS-2_0_10
TEXTUTILS-2_0_12
TEXTUTILS-2_0_15
TEXTUTILS-2_0_16
TEXTUTILS-2_0_17
TEXTUTILS-2_0_18
TEXTUTILS-2_0_19
TEXTUTILS-2_0_20
TEXTUTILS-2_0_21
TEXTUTILS-2_0_8
TEXTUTILS-2_0_9
TEXTUTILS-2_0a
TEXTUTILS-2_0c
TEXTUTILS-2_0e
TEXTUTILS-2_0f
TEXTUTILS-2_0g
ctype-fix
cvs-readonly
emacs-unicode-base
kfs_20030524_pre
lexbind-before-merge-20030404
merge-with-1_9_4k
post-jumbo-LFS
pre-getopt
pre-jumbo-LFS
pre-version
raeburn-tag-4-for-export
ss-940725-22h45
ss-950520-08h12-sync-tu
ss-950614-22h58-1_11_5a
textutils-1_12_1
version-3_4_2-to-fsf
version-3_4_4-tentative
v0.*
v0.0
v0.1
Database specific
vanir_signatures
[
{
"digest": {
"line_hashes": [
"229386864100362742395171523966439953396",
"272341287738193040027583357173502084572",
"260935206951781656671285336310863070516",
"258324227169521172141694111686821196115"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/vasnprintf.c"
},
"id": "CVE-2018-17942-27bc3964",
"source": "https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35"
},
{
"digest": {
"function_hash": "269350412939707273940773259891075763573",
"length": 816.0
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/vasnprintf.c",
"function": "convert_to_decimal"
},
"id": "CVE-2018-17942-a6fdad85",
"source": "https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35"
},
{
"digest": {
"line_hashes": [
"131391253255561766648621509591014579029",
"133734765937967660399959801886915531128",
"46393908124578637128160449109458356407",
"202363911030448863139018023131591996039"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "tests/test-vasnprintf.c"
},
"id": "CVE-2018-17942-d2e104c4",
"source": "https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35"
}
]