CVE-2017-15364

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15364
Aliases
Published
2017-10-15T19:29:00.263Z
Modified
2026-04-11T04:38:12.616596Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.

References

Affected packages

Git / github.com/evan/ccsv

Affected ranges

Type
GIT
Repo
https://github.com/evan/ccsv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d5fb65e88b2c2b1851966158855e22c29620b682
Fixed
24e0b9b94c44a15b23475e821366239d53764dbd
Fixed
c59d960ffa6b742a0616a209442618462142e6c1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.0"
        }
    ]
}

Affected versions

ccsv-0.*
ccsv-0.1.1
ccsv-0.1.2
ccsv-1.*
ccsv-1.0.1
ccsv-1.1.0

Database specific

vanir_signatures_modified 
"2026-04-11T04:38:12Z"
vanir_signatures 
[
    {
        "id": "CVE-2017-15364-222f5f9c",
        "target": {
            "file": "ext/ccsv.c",
            "function": "foreach"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "216950382160450977536562658923203944838",
            "length": 2675.0
        },
        "signature_type": "Function",
        "source": "https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2017-15364-41eff27c",
        "target": {
            "file": "ext/ccsv.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "185610122757861590401651135081111540603",
                "91960380154313281009540136048156975594",
                "182356870035072103625904360738806995806",
                "269250917622965397532290948418695205077",
                "211890206840583687056717312205753826272",
                "17583709965861522050857437197366360354",
                "261764503975537041863530880829471571488",
                "129805186688720191472303117837450869059",
                "254927066576525839528654857756893302784",
                "134622109007289323807222703460719049906",
                "75579718370850228674690893005551658284",
                "81615710677600088596179892242847400329",
                "327953707931807082756850890879422960513",
                "209715201009706258934104024665552873218",
                "290783938492797561487901328579955910095",
                "241213685301740908372717220215781223197",
                "201786053689534195376225875732116028359",
                "237677364759413347745604393068017172682",
                "85085871856487834175989974690073860734",
                "74998473377601924913494440401502709548",
                "103234387437741148866965307917505102002",
                "236860524338413725832646582002373373009",
                "333632157001625037362685245503393678553",
                "191586650322638239440938405774673602976",
                "241189575413153218292062161099464519521",
                "107591067652671203546943124011763605680",
                "270669506495774102544915924672526787245",
                "69694153962219797910269972005445507569",
                "30073005050515076010667130510909535800",
                "303745774857809796086674065932675657980",
                "28334073195384864803412818053072651205",
                "70900872301583664247937447372276684060",
                "304331830792188923742728620391526915186",
                "250875371213583570169121819410298264098",
                "54178284221252912138275056572266042603",
                "159815330302075283341421409660228457828",
                "239810012870819578751475989514551468912",
                "135094770301027913256937173126334840326",
                "73178820713132990692432269081332031964",
                "39349934789833735367373088136869000492",
                "194275289979532445789800087152039287681",
                "250875371213583570169121819410298264098",
                "236732265184660035366467935863000898408",
                "254332609175580351500585474492948421834",
                "119281156430427451183029439890216366370",
                "120762479781057482457595473179174392882",
                "259480857195013652351095209349978573129",
                "41728229203097015511758691652128057159",
                "244123289128438108872282780277936525801",
                "313973204891653785956651659735718949509"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15364.json"