CVE-2017-15364

Source
https://cve.org/CVERecord?id=CVE-2017-15364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15364
Aliases
Published
2017-10-15T19:29:00.263Z
Modified
2026-07-08T11:35:33.767867Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.

References

Affected packages

Git / github.com/evan/ccsv

Affected ranges

Type
GIT
Repo
https://github.com/evan/ccsv
Events
Database specific
{
    "cpe": "cpe:2.3:a:ccsv_project:ccsv:1.1.0:*:*:*:*:*:*:*",
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.1.0"
        },
        {
            "last_affected": "1.1.0"
        }
    ]
}

Affected versions

1.*
1.1.0
ccsv-1.*
ccsv-1.1.0

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "216950382160450977536562658923203944838",
            "length": 2675.0
        },
        "id": "CVE-2017-15364-222f5f9c",
        "signature_type": "Function",
        "target": {
            "function": "foreach",
            "file": "ext/ccsv.c"
        }
    },
    {
        "source": "https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "185610122757861590401651135081111540603",
                "91960380154313281009540136048156975594",
                "182356870035072103625904360738806995806",
                "269250917622965397532290948418695205077",
                "211890206840583687056717312205753826272",
                "17583709965861522050857437197366360354",
                "261764503975537041863530880829471571488",
                "129805186688720191472303117837450869059",
                "254927066576525839528654857756893302784",
                "134622109007289323807222703460719049906",
                "75579718370850228674690893005551658284",
                "81615710677600088596179892242847400329",
                "327953707931807082756850890879422960513",
                "209715201009706258934104024665552873218",
                "290783938492797561487901328579955910095",
                "241213685301740908372717220215781223197",
                "201786053689534195376225875732116028359",
                "237677364759413347745604393068017172682",
                "85085871856487834175989974690073860734",
                "74998473377601924913494440401502709548",
                "103234387437741148866965307917505102002",
                "236860524338413725832646582002373373009",
                "333632157001625037362685245503393678553",
                "191586650322638239440938405774673602976",
                "241189575413153218292062161099464519521",
                "107591067652671203546943124011763605680",
                "270669506495774102544915924672526787245",
                "69694153962219797910269972005445507569",
                "30073005050515076010667130510909535800",
                "303745774857809796086674065932675657980",
                "28334073195384864803412818053072651205",
                "70900872301583664247937447372276684060",
                "304331830792188923742728620391526915186",
                "250875371213583570169121819410298264098",
                "54178284221252912138275056572266042603",
                "159815330302075283341421409660228457828",
                "239810012870819578751475989514551468912",
                "135094770301027913256937173126334840326",
                "73178820713132990692432269081332031964",
                "39349934789833735367373088136869000492",
                "194275289979532445789800087152039287681",
                "250875371213583570169121819410298264098",
                "236732265184660035366467935863000898408",
                "254332609175580351500585474492948421834",
                "119281156430427451183029439890216366370",
                "120762479781057482457595473179174392882",
                "259480857195013652351095209349978573129",
                "41728229203097015511758691652128057159",
                "244123289128438108872282780277936525801",
                "313973204891653785956651659735718949509"
            ]
        },
        "id": "CVE-2017-15364-41eff27c",
        "signature_type": "Line",
        "target": {
            "file": "ext/ccsv.c"
        }
    },
    {
        "source": "https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "107472317838558509669648336135765909325",
            "length": 3477.0
        },
        "id": "CVE-2017-15364-481414a2",
        "signature_type": "Function",
        "target": {
            "function": "foreach",
            "file": "ext/ccsv.c"
        }
    },
    {
        "source": "https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "225410364092533882124856042145767996594",
                "60905680023956024352471741974569327975",
                "165929466692096890069376483273215828793",
                "200497956786792373628197712229515196008",
                "283556678893069105445321648317990361118",
                "213140223815731264262085794332634316994",
                "132211894524736420834315899714021255687",
                "335079051796306012564772589399217038014",
                "46513733443199140179331439120494639290",
                "178237209519719132805800993046364691743",
                "268003082257643819797806048377191810100",
                "175630955586281714452926905235138591612",
                "126865977372300129005684214224015814260",
                "211554812112406365765543847946598598945",
                "142042617169370336957459983326115631613",
                "63814871860705965322189449077633830108",
                "171341053187958252075134129970906218333",
                "267988204767344103044226646154376928584",
                "313973204891653785956651659735718949509"
            ]
        },
        "id": "CVE-2017-15364-6543d2f7",
        "signature_type": "Line",
        "target": {
            "file": "ext/ccsv.c"
        }
    }
]
vanir_signatures_modified
"2026-07-08T11:35:33Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15364.json"