{"id":"CVE-2018-6758","details":"The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.","modified":"2026-04-11T14:11:08.171544Z","published":"2018-02-06T18:29:00.447Z","related":["openSUSE-SU-2024:11490-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00010.html"},{"type":"FIX","url":"http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html"},{"type":"FIX","url":"https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/unbit/uwsgi","events":[{"introduced":"0"},{"last_affected":"d461b0c7087f181a28d25e8b06320ab5ec637f78"},{"fixed":"cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.15"}]}}],"versions":["0.9.5","0.9.5.1","0.9.5beta1","0.9.5rc1","0.9.5rc2","0.9.6","0.9.6-rc1","0.9.6-rc2","0.9.6.1","0.9.6.2","0.9.7","0.9.7-beta1","0.9.7-rc1","0.9.7-rc2","0.9.7-rc3","0.9.7.1","0.9.7.2","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.8.1","0.9.8.2","0.9.8.3","0.9.9","0.9.9-beta1","0.9.9-rc1","0.9.9-rc2","1.0","1.0-rc1","1.0-rc10","1.0-rc2","1.0-rc3","1.0-rc4","1.0-rc5","1.0-rc6","1.0-rc7","1.0-rc8","1.0-rc9","1.0.1","1.1","1.1-rc1","1.1-rc2","1.1-rc3","1.1-rc4","1.2","1.2-rc1","1.2-rc2","1.3","1.3-rc2","1.3-rc3","1.3-rc4","1.4-rc1","1.4-rc2","1.9","1.9-rc1","1.9-rc2","1.9.1","1.9.10","1.9.11","1.9.12","1.9.13","1.9.14","1.9.15","1.9.16","1.9.17","1.9.17.1","1.9.18.1","1.9.19","1.9.2","1.9.21","1.9.21.1","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9","2.0","2.0-rc1","2.0.1","2.0.10","2.0.11.1","2.0.11.2","2.0.12","2.0.13","2.0.13.1","2.0.14","2.0.15","2.0.2","2.0.3","2.0.4","2.0.5","2.0.5.1","2.0.6","2.0.7","2.0.8","2.0.9","no_server_mode"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe","signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["243490772673003282157936558199904593426","181592824591725200369686474910206047044","158615905151477501614971574296757523196","315841527456661264510776714703848883239","26709189314742607060451259810244503048","289459625645574912563299582688155520997","219008088992257488316115284816062178646","28645312378549450316791241360275036809","212277688537049713480888295541017770230","164660208065612182782306403571297121072","304630623969915843393271732044436154810","95920019456127796046077306239782103910"],"threshold":0.9},"id":"CVE-2018-6758-e1f148c8","target":{"file":"core/utils.c"},"deprecated":false},{"source":"https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe","signature_type":"Function","signature_version":"v1","digest":{"function_hash":"117135496517650499400134591371153409223","length":337},"id":"CVE-2018-6758-ff0cd9e1","target":{"file":"core/utils.c","function":"uwsgi_expand_path"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6758.json","vanir_signatures_modified":"2026-04-11T14:11:08Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}