CVE-2018-20541

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-20541
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20541.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-20541
Downstream
Published
2018-12-28T16:29:04.643Z
Modified
2026-04-11T14:11:03.184313Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

There is a heap-based buffer overflow in libxsmmsparsecscreader at generatorspgemmcscreader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).

References

Affected packages

Git / github.com/hfp/libxsmm

Affected ranges

Type
GIT
Repo
https://github.com/hfp/libxsmm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
151481489192e6d1997f8bde52c5c425ea41741d
Type
GIT
Repo
https://github.com/hfp/libxsmm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
151481489192e6d1997f8bde52c5c425ea41741d

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20541.json"
vanir_signatures_modified 
"2026-04-11T14:11:03Z"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.10"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "deprecated": false,
        "target": {
            "file": "src/generator_spgemm_csr_reader.c",
            "function": "libxsmm_sparse_csr_reader"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "253237323125577349990588301710073922474",
            "length": 2899.0
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-42082ee1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "samples/edge/edge_proxy_common.c",
            "function": "edge_sparse_csr_reader_double"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "257932478644569493591294152135594238066",
            "length": 2305.0
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-44059b59"
    },
    {
        "deprecated": false,
        "target": {
            "file": "src/generator_spgemm_csr_reader.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "241923795223860916277411171048424946468",
                "209110177833169472757848964198364002047",
                "226469009479139064176779870339992460152",
                "192626307265761018682685695128013722668",
                "261546154635701793906232853738646677101",
                "18508411805474619725990427461893891957",
                "51501535861073324594083067657348697914",
                "110807367558379506002077375399143442439",
                "257165498594075926253907697244042964172"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-5066215b"
    },
    {
        "deprecated": false,
        "target": {
            "file": "samples/edge/edge_proxy_common.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "241923795223860916277411171048424946468",
                "209110177833169472757848964198364002047",
                "54720283948260693235784795782894161382",
                "159871792082033176477973504123091930777"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-914a6527"
    },
    {
        "deprecated": false,
        "target": {
            "file": "samples/pyfr/pyfr_driver_asp_reg.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "241923795223860916277411171048424946468",
                "209110177833169472757848964198364002047",
                "54720283948260693235784795782894161382",
                "217042301667030676819970089241851533120"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-956a0ae8"
    },
    {
        "deprecated": false,
        "target": {
            "file": "src/generator_spgemm_csc_reader.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "241923795223860916277411171048424946468",
                "107558474951648408386904201689056226698",
                "283203830907550038709210239009337494119",
                "18022234622339816638805531357357536949",
                "291840242035544412416174133096187863902",
                "18508411805474619725990427461893891957",
                "4969517896670101590188015537595354571",
                "291749407274234609554627974998776176771",
                "205777411820530140292049990175321492587",
                "206743855182286230386096444765258334159"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-a58f01b5"
    },
    {
        "deprecated": false,
        "target": {
            "file": "src/generator_spgemm_csc_reader.c",
            "function": "libxsmm_sparse_csc_reader"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "117423682803360476822542486759614065109",
            "length": 2899.0
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-d0044958"
    },
    {
        "deprecated": false,
        "target": {
            "file": "samples/pyfr/pyfr_driver_asp_reg.c",
            "function": "my_csr_reader"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "252726746632772907463537910857054546701",
            "length": 2342.0
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-ee91e15d"
    },
    {
        "deprecated": false,
        "target": {
            "file": "samples/edge/common_edge_proxy.h",
            "function": "libxsmm_sparse_csr_reader"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "288578049635566099234369255849468353491",
            "length": 2495.0
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-f3f56076"
    },
    {
        "deprecated": false,
        "target": {
            "file": "samples/edge/common_edge_proxy.h"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "241923795223860916277411171048424946468",
                "209110177833169472757848964198364002047",
                "54720283948260693235784795782894161382",
                "217042301667030676819970089241851533120"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d",
        "id": "CVE-2018-20541-ffa602e8"
    }
]