CVE-2018-17854

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-17854
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17854.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-17854
Published
2018-10-01T08:29:02.757Z
Modified
2026-04-11T11:40:02.186371Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.

References

Affected packages

Git / github.com/lemire/simdcomp

Affected ranges

Type
GIT
Repo
https://github.com/lemire/simdcomp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
dde3e49c3c111f6188964a91546bf4531eb6db4f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.1.1"
        }
    ]
}

Affected versions

Other
AFTER_C89_COMPAT_MERGE
BEFORE_C89_COMPAT_MERGE
v0.*
v0.0.1
v0.0.3
v0.1.0

Database specific

vanir_signatures_modified 
"2026-04-11T11:40:02Z"
vanir_signatures 
[
    {
        "id": "CVE-2018-17854-117e1c58",
        "target": {
            "file": "src/simdbitpacking.c",
            "function": "simdunpack_shortlength"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "17810334411435897037629253370829662608",
            "length": 1402.0
        },
        "signature_type": "Function",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-34b134cf",
        "target": {
            "file": "tests/unit.c",
            "function": "issue21FOR"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "30002280586027771902878265699866513413",
            "length": 732.0
        },
        "signature_type": "Function",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-5b1476b4",
        "target": {
            "file": "tests/unit.c",
            "function": "issue21"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "296459941991828380377195880935375155500",
            "length": 708.0
        },
        "signature_type": "Function",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-8559d5f2",
        "target": {
            "file": "src/simdfor.c",
            "function": "simdpackFOR_length"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "209320386422351186919526133415051896666",
            "length": 1285.0
        },
        "signature_type": "Function",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-8ee3711c",
        "target": {
            "file": "src/simdbitpacking.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "124070202241762254836396328326063177067",
                "5456946239895227461853334074662355323",
                "137770486593052164194708282772978167194",
                "2688195429762644187529700602285613187",
                "336008143446742539610937911490652111334",
                "120910543316379396717368592881899965390",
                "143004276775887699030148850992443652551",
                "266730034740329049489488642186730280137",
                "271949381055915369051558991921946668303",
                "276089750578132468399799759614381919203",
                "11388610387174785164037693419267001946",
                "106766141891037761595231395375514387216",
                "211225600828189559567656682429562453875",
                "134659204192177085758633179285751362878",
                "206365965808171123146061733104101753209",
                "51711429884631511900102870140149283387",
                "322497891318588322320136398483399091569",
                "175000675722921171666046538211512400184",
                "42730422159725546706450522789668408463",
                "311976896367502331229571261052714042535",
                "336008143446742539610937911490652111334",
                "276880696735640702061726204533166202814",
                "138417485106305684664249426500121779672",
                "275001956706115348616516725829437788217",
                "110378772424145190540655900436612702801"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-bec31bde",
        "target": {
            "file": "src/simdfor.c",
            "function": "simdunpackFOR_length"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "44276479137841753337082947411204669638",
            "length": 1503.0
        },
        "signature_type": "Function",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-ce8c591b",
        "target": {
            "file": "src/simdfor.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "30486515928823575816780042085078849124",
                "221949515570307123159616579663978759138",
                "215335553286392935399254643643783263820",
                "1260666409455075483534912789649152355",
                "124070202241762254836396328326063177067",
                "5456946239895227461853334074662355323",
                "137770486593052164194708282772978167194",
                "2688195429762644187529700602285613187",
                "336008143446742539610937911490652111334",
                "120910543316379396717368592881899965390",
                "143004276775887699030148850992443652551",
                "266730034740329049489488642186730280137",
                "271949381055915369051558991921946668303",
                "276089750578132468399799759614381919203",
                "11388610387174785164037693419267001946",
                "106766141891037761595231395375514387216",
                "211184397907768148186926135082739679656",
                "284653346181443337359076070118086288538",
                "250143079488943628781267672165817994925",
                "171745432437826654364535702157663685480",
                "322497891318588322320136398483399091569",
                "175000675722921171666046538211512400184",
                "42730422159725546706450522789668408463",
                "311976896367502331229571261052714042535",
                "336008143446742539610937911490652111334",
                "276880696735640702061726204533166202814",
                "138417485106305684664249426500121779672",
                "275001956706115348616516725829437788217",
                "110378772424145190540655900436612702801"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2018-17854-e9e63b43",
        "target": {
            "file": "tests/unit.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "104669713274731415044603649647647989782",
                "306413963049926783494957607390903357971",
                "182027381377128852281955038670610524628",
                "125668674769129557580662282233950788572",
                "204944530972562358603702853415873837146",
                "243341722609692365765923532879429040793",
                "29681873615244304309788817154784232680",
                "293842272580073700364442998085443831081",
                "203890251987759831602068480630099949039",
                "255730216167014006871318836953394377726",
                "26245488883246389783620183940545863393",
                "694973098885984221760168425179768055",
                "138474658415805510050046149414525368371",
                "340085161400578313044881762730788601859",
                "306719851913307935853984036989145998314",
                "295316307344567409004275693824987137490",
                "332220484747462513483031725276186292303",
                "3617376700153293194556620040686855988",
                "83185560601795216633059597878823858008",
                "136307650169811303760036401718918961371",
                "178245080823861831804490553571894043329",
                "339085656779950306451250596393066674928",
                "133911755167913931271685068119415507357",
                "250327031656508887408937783796551191877",
                "276263498639670374994519882281820120627",
                "251725131586354863736780893934379191788",
                "45570467302332474209516260485842959555",
                "18448716940201003465456870707291314980",
                "205833201278781291232126913712559957521",
                "165598391807809786661091926024094938156",
                "261947715935070227542427604197305280890",
                "14094417612511425409557013817413724080",
                "228205684600229673549931796003946814911",
                "197172061519954044306997507401829117585",
                "22989248253734939281207445129814193353",
                "256525890937421261847293605359170230557",
                "50459362591164643406155072090471457325",
                "50644107022225954574602514473806222679",
                "197041649264428327224483559278635802404",
                "297550935157712286461471579770494289656",
                "112899711411287750531685446576256457148",
                "212866682421094318916635270944130199652",
                "236737634673021377064051161803810633736",
                "223308103645015940679265983779094450780",
                "3617376700153293194556620040686855988",
                "83185560601795216633059597878823858008",
                "136307650169811303760036401718918961371",
                "178245080823861831804490553571894043329",
                "339085656779950306451250596393066674928",
                "133911755167913931271685068119415507357",
                "250327031656508887408937783796551191877",
                "276263498639670374994519882281820120627",
                "283193327807536212899539040663477288086",
                "284435134258060573098599827961204450513",
                "113541678251611043554617057966667293077",
                "35859616901106115983300841650150234913",
                "145136709424417657239922263107331523498",
                "284435134258060573098599827961204450513",
                "267869059050357625653685508756263287776",
                "96674799776453607315530519840047348429",
                "52476069615056419658309057544394554073",
                "284435134258060573098599827961204450513",
                "267869059050357625653685508756263287776",
                "96674799776453607315530519840047348429",
                "111343666964977454953674109589873892754"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17854.json"