CVE-2018-1000101

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000101
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000101.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000101
Published
2018-03-06T17:29:00Z
Modified
2024-06-30T12:01:22Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network.

References

Affected packages

Debian:11 / mingw-w64

Package

Name
mingw-w64
Purl
pkg:deb/debian/mingw-w64?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.0-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / mingw-w64

Package

Name
mingw-w64
Purl
pkg:deb/debian/mingw-w64?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.0-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / mingw-w64

Package

Name
mingw-w64
Purl
pkg:deb/debian/mingw-w64?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.0-1

Ecosystem specific

{
    "urgency": "low"
}