{"id":"CVE-2018-17942","details":"The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\\0' character during %f processing.","modified":"2026-04-16T06:23:45.318949684Z","published":"2018-10-03T08:29:00.430Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGHTVYH3KAFN34QXNSGEQDSTV7MCOQW/"},{"type":"FIX","url":"https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35"},{"type":"EVIDENCE","url":"https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html"},{"type":"EVIDENCE","url":"https://savannah.gnu.org/bugs/?func=detailitem&item_id=54686"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/coreutils/gnulib","events":[{"introduced":"0"},{"fixed":"278b4175c9d7dd47c1a3071554aac02add3b3c35"}]},{"type":"GIT","repo":"https://github.com/coreutils/gnulib","events":[{"introduced":"0"},{"fixed":"278b4175c9d7dd47c1a3071554aac02add3b3c35"}]}],"versions":["CPPI-1_10","CPPI-1_8","CPPI-1_9","EMACS_20_2","EMACS_20_4","EMACS_21_1","EMACS_PRETEST_21_0_103","EMACS_PRETEST_21_0_95","FILEUTILS-3_12a","FILEUTILS-3_12f","FILEUTILS-3_12g","FILEUTILS-3_12j","FILEUTILS-3_12l","FILEUTILS-3_12m","FILEUTILS-3_12r","FILEUTILS-3_12s","FILEUTILS-3_13","FILEUTILS-3_13c","FILEUTILS-3_13f","FILEUTILS-3_13g","FILEUTILS-3_13h","FILEUTILS-3_13j","FILEUTILS-3_13k","FILEUTILS-3_14b","FILEUTILS-3_16g","FILEUTILS-3_16h","FILEUTILS-3_16i","FILEUTILS-3_16j","FILEUTILS-3_16k","FILEUTILS-3_16l","FILEUTILS-3_16m","FILEUTILS-3_16n","FILEUTILS-3_16p","FILEUTILS-3_16q","FILEUTILS-3_16r","FILEUTILS-3_16s","FILEUTILS-3_16t","FILEUTILS-3_16u","FILEUTILS-3_16v","FILEUTILS-3_16w","FILEUTILS-3_16x","FILEUTILS-3_16z","FILEUTILS-3_8_3b","FILEUTILS-4_0","FILEUTILS-4_0-b2","FILEUTILS-4_0-b3","FILEUTILS-4_0-b4","FILEUTILS-4_0-b6","FILEUTILS-4_0-b7","FILEUTILS-4_0-pre1","FILEUTILS-4_0_27","FILEUTILS-4_0_28","FILEUTILS-4_0_29","FILEUTILS-4_0_30","FILEUTILS-4_0_31","FILEUTILS-4_0_32","FILEUTILS-4_0_33","FILEUTILS-4_0_34","FILEUTILS-4_0_35","FILEUTILS-4_0_36","FILEUTILS-4_0_37","FILEUTILS-4_0_38","FILEUTILS-4_0_39","FILEUTILS-4_0_41","FILEUTILS-4_0_42","FILEUTILS-4_0_43","FILEUTILS-4_0_45","FILEUTILS-4_0e","FILEUTILS-4_0f","FILEUTILS-4_0g","FILEUTILS-4_0i","FILEUTILS-4_0j-trial","FILEUTILS-4_0k","FILEUTILS-4_0l","FILEUTILS-4_0m","FILEUTILS-4_0q","FILEUTILS-4_0r","FILEUTILS-4_0s","FILEUTILS-4_0t","FILEUTILS-4_0u","FILEUTILS-4_0v","FILEUTILS-4_0w","FILEUTILS-4_0x","FILEUTILS-4_0y","FILEUTILS-4_0z","FILEUTILS-4_1-b1","FILEUTILS-4_1-b2","FILEUTILS-4_1-b3","FILEUTILS-4_1_1","FILEUTILS-4_1_2","FILEUTILS-4_1_3","FILEUTILS-4_1_4","FILEUTILS-4_1_5","FILEUTILS-4_1_6","FILEUTILS-4_1_7","FILEUTILS-4_1_8","FILEUTILS-4_1_9","RMAIL-MBOX-BASE","SH-UTILS-1_12a","SH-UTILS-1_12d","SH-UTILS-1_12f","SH-UTILS-1_12g","SH-UTILS-1_12o","SH-UTILS-1_12p","SH-UTILS-1_12r","SH-UTILS-1_12t","SH-UTILS-1_14","SH-UTILS-1_15","SH-UTILS-1_15a","SH-UTILS-1_16","SH-UTILS-1_16a","SH-UTILS-1_16b","SH-UTILS-1_16c","SH-UTILS-1_16d","SH-UTILS-1_16f","SH-UTILS-1_16h","SH-UTILS-1_16k","SH-UTILS-1_16m","SH-UTILS-2_0","SH-UTILS-2_0_11","SH-UTILS-2_0_12","SH-UTILS-2_0a","SH-UTILS-2_0b","SH-UTILS-2_0c","SH-UTILS-2_0d","SH-UTILS-2_0e","SH-UTILS-2_0f","SH-UTILS-2_0g","SH-UTILS-2_0h","SH-UTILS-2_0i","SH-UTILS-2_0j","TEXTUTILS-1_13","TEXTUTILS-1_13g","TEXTUTILS-1_13i","TEXTUTILS-1_13j","TEXTUTILS-1_14","TEXTUTILS-1_14a","TEXTUTILS-1_14b","TEXTUTILS-1_14c","TEXTUTILS-1_14d","TEXTUTILS-1_18","TEXTUTILS-1_18e","TEXTUTILS-1_19d","TEXTUTILS-1_19g","TEXTUTILS-1_19m","TEXTUTILS-1_19n","TEXTUTILS-1_19o","TEXTUTILS-1_19q","TEXTUTILS-1_19r","TEXTUTILS-1_20a","TEXTUTILS-1_20b","TEXTUTILS-1_21a","TEXTUTILS-1_22a","TEXTUTILS-1_22c","TEXTUTILS-1_22d","TEXTUTILS-1_22f","TEXTUTILS-1_22g","TEXTUTILS-1_22h","TEXTUTILS-1_22i","TEXTUTILS-1_22j","TEXTUTILS-1_22k","TEXTUTILS-1_22l","TEXTUTILS-1_22m","TEXTUTILS-1_22n","TEXTUTILS-1_22o","TEXTUTILS-1_22p","TEXTUTILS-1_22q","TEXTUTILS-1_8b","TEXTUTILS-2_0","TEXTUTILS-2_0_10","TEXTUTILS-2_0_12","TEXTUTILS-2_0_15","TEXTUTILS-2_0_16","TEXTUTILS-2_0_17","TEXTUTILS-2_0_18","TEXTUTILS-2_0_19","TEXTUTILS-2_0_20","TEXTUTILS-2_0_21","TEXTUTILS-2_0_8","TEXTUTILS-2_0_9","TEXTUTILS-2_0a","TEXTUTILS-2_0c","TEXTUTILS-2_0e","TEXTUTILS-2_0f","TEXTUTILS-2_0g","ctype-fix","cvs-readonly","emacs-unicode-base","kfs_20030524_pre","lexbind-before-merge-20030404","merge-with-1_9_4k","post-jumbo-LFS","pre-getopt","pre-jumbo-LFS","pre-version","raeburn-tag-4-for-export","ss-940725-22h45","ss-950520-08h12-sync-tu","ss-950614-22h58-1_11_5a","textutils-1_12_1","v0.0","v0.1","version-3_4_2-to-fsf","version-3_4_4-tentative"],"database_specific":{"vanir_signatures_modified":"2026-04-12T04:43:52Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2018-09-23"}]},{"events":[{"introduced":"0"},{"fixed":"2018-09-23"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17942.json","vanir_signatures":[{"signature_version":"v1","signature_type":"Line","source":"https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35","id":"CVE-2018-17942-27bc3964","digest":{"threshold":0.9,"line_hashes":["229386864100362742395171523966439953396","272341287738193040027583357173502084572","260935206951781656671285336310863070516","258324227169521172141694111686821196115"]},"target":{"file":"lib/vasnprintf.c"},"deprecated":false},{"signature_type":"Function","deprecated":false,"source":"https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35","id":"CVE-2018-17942-a6fdad85","digest":{"length":816,"function_hash":"269350412939707273940773259891075763573"},"target":{"function":"convert_to_decimal","file":"lib/vasnprintf.c"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"source":"https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35","id":"CVE-2018-17942-d2e104c4","target":{"file":"tests/test-vasnprintf.c"},"digest":{"threshold":0.9,"line_hashes":["131391253255561766648621509591014579029","133734765937967660399959801886915531128","46393908124578637128160449109458356407","202363911030448863139018023131591996039"]},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}