CVE-2018-18928

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-18928

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18928.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-18928

Downstream

DEBIAN-CVE-2018-18928

Related

MGASA-2019-0353

Published

2018-11-04T20:29:00.247Z

Modified

2026-02-24T01:16:04.079382Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.

References

Affected packages

Git / github.com/unicode-org/icu

Affected ranges

Type: GIT
Repo: https://github.com/unicode-org/icu
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

53d8c8f3d181d87a6aa925b449b51c4a2c922a51

Affected versions

Other

cldr-32-beta2

last-cvs-commit

last-svn-commit

milestone-59-0-1

milestone-60-0-1

release-59-rc

release-60-rc

release-61-rc

release-62-rc

release-63-rc

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "icu4c/source/i18n/fmtable.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "235380922417724273752120984794739763498",
                "240948955305313391274631482281993570583",
                "298551886312612177768163145201981513716",
                "29037743298277454571552545575659148634"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-05a1e0c1"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "icu4j/main/classes/core/src/com/ibm/icu/impl/number/DecimalQuantity_DualStorageBCD.java",
            "function": "bcdToBigDecimal"
        },
        "digest": {
            "length": 405.0,
            "function_hash": "209040715241252438079843634589717793125"
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-1021e7cd"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "icu4c/source/i18n/number_decimalquantity.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "209401259799217645772514829297229999829",
                "42127486368864085335537098372172567088",
                "169538807423298615807566842104017609162",
                "155812189009242648149116484760886469871"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-13db443a"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "icu4c/source/test/intltest/numfmtst.cpp",
            "function": "NumberFormatTest::Test20037_ScientificIntegerOverflow"
        },
        "digest": {
            "length": 749.0,
            "function_hash": "321900820634206432231705415193601742855"
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-1662d53f"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "icu4j/main/classes/core/src/com/ibm/icu/impl/number/DecimalQuantity_DualStorageBCD.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "277656801268948993926366603651571764962",
                "327121349401331928183510165421893547511",
                "106866773774383492022973682563486209598",
                "313344001116259217978603234508917087433"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-4f6160a1"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "icu4c/source/test/intltest/numfmtst.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "279197795648750236016082165046801673573",
                "285393831193474953761955264723675553714",
                "260819794824143240743826795602987523105",
                "264767276355902451311774195196810373887"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-50899722"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "icu4j/main/tests/core/src/com/ibm/icu/dev/test/format/NumberFormatTest.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "318954539559952159987724506500038643171",
                "104227988973702857340918821106403042817",
                "143451758896789048344166533739090187490",
                "42679916047396215103377881040777016006"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-8e62b19d"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "icu4j/main/classes/core/src/com/ibm/icu/impl/number/DecimalQuantity_AbstractBCD.java",
            "function": "toScientificString"
        },
        "digest": {
            "length": 902.0,
            "function_hash": "284733635857698465385038062712162369124"
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-ad7a84f3"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "icu4c/source/i18n/number_decimalquantity.cpp",
            "function": "DecimalQuantity::toScientificString"
        },
        "digest": {
            "length": 897.0,
            "function_hash": "283490022854476084683159277088419071224"
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-bf55c408"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "icu4j/main/tests/core/src/com/ibm/icu/dev/test/format/NumberFormatTest.java",
            "function": "Test20037_ScientificIntegerOverflow"
        },
        "digest": {
            "length": 481.0,
            "function_hash": "323189177863867637945822748829724125990"
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-c85d7358"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "file": "icu4c/source/i18n/fmtable.cpp",
            "function": "Formattable::internalGetCharString"
        },
        "digest": {
            "length": 814.0,
            "function_hash": "293214317832657242931498963234831168367"
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-e29d4be0"
    },
    {
        "source": "https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51",
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "icu4j/main/classes/core/src/com/ibm/icu/impl/number/DecimalQuantity_AbstractBCD.java"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "67709256282999126152612069180773756468",
                "3682782463407928000009361767446119233",
                "67168528261376778857037572812495019342",
                "145295344314604399018304338039896393831"
            ]
        },
        "signature_version": "v1",
        "id": "CVE-2018-18928-f37f6e00"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18928.json"