{"id":"CVE-2018-20541","details":"There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).","modified":"2026-04-11T14:11:03.184313Z","published":"2018-12-28T16:29:04.643Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652632"},{"type":"FIX","url":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d"},{"type":"FIX","url":"https://github.com/hfp/libxsmm/issues/287"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hfp/libxsmm","events":[{"introduced":"0"},{"fixed":"151481489192e6d1997f8bde52c5c425ea41741d"}]},{"type":"GIT","repo":"https://github.com/hfp/libxsmm","events":[{"introduced":"0"},{"fixed":"151481489192e6d1997f8bde52c5c425ea41741d"}]}],"database_specific":{"vanir_signatures":[{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-42082ee1","digest":{"length":2899,"function_hash":"253237323125577349990588301710073922474"},"deprecated":false,"signature_version":"v1","target":{"file":"src/generator_spgemm_csr_reader.c","function":"libxsmm_sparse_csr_reader"},"signature_type":"Function"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-44059b59","digest":{"length":2305,"function_hash":"257932478644569493591294152135594238066"},"deprecated":false,"signature_version":"v1","target":{"file":"samples/edge/edge_proxy_common.c","function":"edge_sparse_csr_reader_double"},"signature_type":"Function"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-5066215b","digest":{"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","226469009479139064176779870339992460152","192626307265761018682685695128013722668","261546154635701793906232853738646677101","18508411805474619725990427461893891957","51501535861073324594083067657348697914","110807367558379506002077375399143442439","257165498594075926253907697244042964172"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"src/generator_spgemm_csr_reader.c"},"signature_type":"Line"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-914a6527","digest":{"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","54720283948260693235784795782894161382","159871792082033176477973504123091930777"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"samples/edge/edge_proxy_common.c"},"signature_type":"Line"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-956a0ae8","digest":{"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","54720283948260693235784795782894161382","217042301667030676819970089241851533120"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"samples/pyfr/pyfr_driver_asp_reg.c"},"signature_type":"Line"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-a58f01b5","digest":{"line_hashes":["241923795223860916277411171048424946468","107558474951648408386904201689056226698","283203830907550038709210239009337494119","18022234622339816638805531357357536949","291840242035544412416174133096187863902","18508411805474619725990427461893891957","4969517896670101590188015537595354571","291749407274234609554627974998776176771","205777411820530140292049990175321492587","206743855182286230386096444765258334159"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"src/generator_spgemm_csc_reader.c"},"signature_type":"Line"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-d0044958","digest":{"length":2899,"function_hash":"117423682803360476822542486759614065109"},"deprecated":false,"signature_version":"v1","target":{"file":"src/generator_spgemm_csc_reader.c","function":"libxsmm_sparse_csc_reader"},"signature_type":"Function"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-ee91e15d","digest":{"length":2342,"function_hash":"252726746632772907463537910857054546701"},"deprecated":false,"signature_version":"v1","target":{"file":"samples/pyfr/pyfr_driver_asp_reg.c","function":"my_csr_reader"},"signature_type":"Function"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-f3f56076","digest":{"length":2495,"function_hash":"288578049635566099234369255849468353491"},"deprecated":false,"signature_version":"v1","target":{"file":"samples/edge/common_edge_proxy.h","function":"libxsmm_sparse_csr_reader"},"signature_type":"Function"},{"source":"https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d","id":"CVE-2018-20541-ffa602e8","digest":{"line_hashes":["241923795223860916277411171048424946468","209110177833169472757848964198364002047","54720283948260693235784795782894161382","217042301667030676819970089241851533120"],"threshold":0.9},"deprecated":false,"signature_version":"v1","target":{"file":"samples/edge/common_edge_proxy.h"},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20541.json","vanir_signatures_modified":"2026-04-11T14:11:03Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}