{"id":"CVE-2018-17854","details":"SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.","modified":"2026-04-11T11:40:02.186371Z","published":"2018-10-01T08:29:02.757Z","references":[{"type":"EVIDENCE","url":"https://github.com/lemire/simdcomp/issues/21"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lemire/simdcomp","events":[{"introduced":"0"},{"fixed":"dde3e49c3c111f6188964a91546bf4531eb6db4f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.1.1"}]}}],"versions":["AFTER_C89_COMPAT_MERGE","BEFORE_C89_COMPAT_MERGE","v0.0.1","v0.0.3","v0.1.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T11:40:02Z","vanir_signatures":[{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"length":1402,"function_hash":"17810334411435897037629253370829662608"},"signature_type":"Function","id":"CVE-2018-17854-117e1c58","target":{"function":"simdunpack_shortlength","file":"src/simdbitpacking.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"length":732,"function_hash":"30002280586027771902878265699866513413"},"signature_type":"Function","id":"CVE-2018-17854-34b134cf","target":{"function":"issue21FOR","file":"tests/unit.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"length":708,"function_hash":"296459941991828380377195880935375155500"},"signature_type":"Function","id":"CVE-2018-17854-5b1476b4","target":{"function":"issue21","file":"tests/unit.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"length":1285,"function_hash":"209320386422351186919526133415051896666"},"signature_type":"Function","id":"CVE-2018-17854-8559d5f2","target":{"function":"simdpackFOR_length","file":"src/simdfor.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["124070202241762254836396328326063177067","5456946239895227461853334074662355323","137770486593052164194708282772978167194","2688195429762644187529700602285613187","336008143446742539610937911490652111334","120910543316379396717368592881899965390","143004276775887699030148850992443652551","266730034740329049489488642186730280137","271949381055915369051558991921946668303","276089750578132468399799759614381919203","11388610387174785164037693419267001946","106766141891037761595231395375514387216","211225600828189559567656682429562453875","134659204192177085758633179285751362878","206365965808171123146061733104101753209","51711429884631511900102870140149283387","322497891318588322320136398483399091569","175000675722921171666046538211512400184","42730422159725546706450522789668408463","311976896367502331229571261052714042535","336008143446742539610937911490652111334","276880696735640702061726204533166202814","138417485106305684664249426500121779672","275001956706115348616516725829437788217","110378772424145190540655900436612702801"]},"signature_type":"Line","id":"CVE-2018-17854-8ee3711c","target":{"file":"src/simdbitpacking.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"length":1503,"function_hash":"44276479137841753337082947411204669638"},"signature_type":"Function","id":"CVE-2018-17854-bec31bde","target":{"function":"simdunpackFOR_length","file":"src/simdfor.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["30486515928823575816780042085078849124","221949515570307123159616579663978759138","215335553286392935399254643643783263820","1260666409455075483534912789649152355","124070202241762254836396328326063177067","5456946239895227461853334074662355323","137770486593052164194708282772978167194","2688195429762644187529700602285613187","336008143446742539610937911490652111334","120910543316379396717368592881899965390","143004276775887699030148850992443652551","266730034740329049489488642186730280137","271949381055915369051558991921946668303","276089750578132468399799759614381919203","11388610387174785164037693419267001946","106766141891037761595231395375514387216","211184397907768148186926135082739679656","284653346181443337359076070118086288538","250143079488943628781267672165817994925","171745432437826654364535702157663685480","322497891318588322320136398483399091569","175000675722921171666046538211512400184","42730422159725546706450522789668408463","311976896367502331229571261052714042535","336008143446742539610937911490652111334","276880696735640702061726204533166202814","138417485106305684664249426500121779672","275001956706115348616516725829437788217","110378772424145190540655900436612702801"]},"signature_type":"Line","id":"CVE-2018-17854-ce8c591b","target":{"file":"src/simdfor.c"}},{"source":"https://github.com/lemire/simdcomp/commit/dde3e49c3c111f6188964a91546bf4531eb6db4f","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["104669713274731415044603649647647989782","306413963049926783494957607390903357971","182027381377128852281955038670610524628","125668674769129557580662282233950788572","204944530972562358603702853415873837146","243341722609692365765923532879429040793","29681873615244304309788817154784232680","293842272580073700364442998085443831081","203890251987759831602068480630099949039","255730216167014006871318836953394377726","26245488883246389783620183940545863393","694973098885984221760168425179768055","138474658415805510050046149414525368371","340085161400578313044881762730788601859","306719851913307935853984036989145998314","295316307344567409004275693824987137490","332220484747462513483031725276186292303","3617376700153293194556620040686855988","83185560601795216633059597878823858008","136307650169811303760036401718918961371","178245080823861831804490553571894043329","339085656779950306451250596393066674928","133911755167913931271685068119415507357","250327031656508887408937783796551191877","276263498639670374994519882281820120627","251725131586354863736780893934379191788","45570467302332474209516260485842959555","18448716940201003465456870707291314980","205833201278781291232126913712559957521","165598391807809786661091926024094938156","261947715935070227542427604197305280890","14094417612511425409557013817413724080","228205684600229673549931796003946814911","197172061519954044306997507401829117585","22989248253734939281207445129814193353","256525890937421261847293605359170230557","50459362591164643406155072090471457325","50644107022225954574602514473806222679","197041649264428327224483559278635802404","297550935157712286461471579770494289656","112899711411287750531685446576256457148","212866682421094318916635270944130199652","236737634673021377064051161803810633736","223308103645015940679265983779094450780","3617376700153293194556620040686855988","83185560601795216633059597878823858008","136307650169811303760036401718918961371","178245080823861831804490553571894043329","339085656779950306451250596393066674928","133911755167913931271685068119415507357","250327031656508887408937783796551191877","276263498639670374994519882281820120627","283193327807536212899539040663477288086","284435134258060573098599827961204450513","113541678251611043554617057966667293077","35859616901106115983300841650150234913","145136709424417657239922263107331523498","284435134258060573098599827961204450513","267869059050357625653685508756263287776","96674799776453607315530519840047348429","52476069615056419658309057544394554073","284435134258060573098599827961204450513","267869059050357625653685508756263287776","96674799776453607315530519840047348429","111343666964977454953674109589873892754"]},"signature_type":"Line","id":"CVE-2018-17854-e9e63b43","target":{"file":"tests/unit.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17854.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}