UBUNTU-CVE-2018-5392

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-5392

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-5392.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-5392

Upstream

CVE-2018-5392

Published

2018-08-14T16:29:00Z

Modified

2025-10-24T04:46:51Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - low

Summary

[none]

Details

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.

References

Affected packages

Ubuntu:14.04:LTS

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@3.1.0-1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0~svn5915-1

3.0.0-3

3.1.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "3.1.0-1",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "3.1.0-1",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "3.1.0-1",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "3.1.0-1",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "3.1.0-1",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:16.04:LTS

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@4.0.4-2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.2-4

4.0.4-1

4.0.4-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.0.4-2",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "4.0.4-2",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "4.0.4-2",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "4.0.4-2",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "4.0.4-2",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:18.04:LTS

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@5.0.3-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.2-2

5.0.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.0.3-1",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "5.0.3-1",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "5.0.3-1",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "5.0.3-1",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "5.0.3-1",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:20.04:LTS

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@7.0.0-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.0-3

6.0.0-4

7.*

7.0.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.0.0-2",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "7.0.0-2",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "7.0.0-2",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "7.0.0-2",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "7.0.0-2",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:22.04:LTS

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@8.0.0-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.0.0-1",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "8.0.0-1",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "8.0.0-1",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "8.0.0-1",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "8.0.0-1",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:24.04:LTS

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@11.0.1-3build1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

11.*

11.0.1-2

11.0.1-3

11.0.1-3build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "11.0.1-3build1",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "11.0.1-3build1",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "11.0.1-3build1",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "11.0.1-3build1",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "11.0.1-3build1",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:25.04

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@12.0.0-3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.0.0-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}

Ubuntu:25.10

mingw-w64

Package

Name: mingw-w64
Purl: pkg:deb/ubuntu/mingw-w64@12.0.0-3?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.0.0-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-common"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-i686-dev"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-tools"
        },
        {
            "binary_version": "12.0.0-3",
            "binary_name": "mingw-w64-x86-64-dev"
        }
    ]
}