CVE-2018-18585

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-18585
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18585.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-18585
Downstream
Related
Published
2018-10-23T02:29:00.513Z
Modified
2026-03-10T14:35:54.823889Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

References

Affected packages

Git / github.com/kyz/libmspack

Affected ranges

Type
GIT
Repo
https://github.com/kyz/libmspack
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a22627dd5180e0ce9c558d0c10b174c760085f57
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
164fb2d23a0894b726b72a047d34191d64a18104
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
03296dd44347ab3111ba23b8e3945e2b537b6275
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a2b36d2f477a183c046b66c731936fa56eba53b4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bc1010b120a987de3da053ba61870fcbecfbd112
Fixed
8759da8db6ec9e866cb8eb143313f397f925bb4f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.4-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.5-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.6-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7-alpha"
        }
    ]
}

Affected versions

1.*
1.7
v0.*
v0.0.20060920alpha
v0.3alpha
v0.4alpha
v0.5alpha
v0.6alpha
v0.7.1alpha
v0.7alpha
v1.*
v1.0
v1.1
v1.2
v1.3
v1.4
v1.5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18585.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "284170693861670192769649738077027374383",
                "328010522186380992829508643319645870295",
                "337185572412918404811406182571160109925",
                "311119288129859831691903272572458162229",
                "333854538769822575592451592026482133150",
                "137173230354041756601323120725473316269",
                "35069138540823503665903806403420112095",
                "298929599602399015466854119268521340890"
            ]
        },
        "source": "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f",
        "signature_type": "Line",
        "id": "CVE-2018-18585-7863a9d1",
        "target": {
            "file": "libmspack/mspack/chmd.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "65072954031163830704155016403856911861",
            "length": 6633.0
        },
        "source": "https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f",
        "signature_type": "Function",
        "id": "CVE-2018-18585-9f8a5e9c",
        "target": {
            "file": "libmspack/mspack/chmd.c",
            "function": "chmd_read_headers"
        }
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11-sp3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12-ga"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12-sp1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12-sp2"
            }
        ]
    }
]