CVE-2018-17942

Publication date 3 October 2018

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

8.8 · High

Score breakdown

Description

The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.

Status

Package Ubuntu Release Status
gnulib 19.04 disco
Not affected
18.10 cosmic
Fixed 20140202+stable-3.1~build0.18.10.1
18.04 LTS bionic
Fixed 20140202+stable-2+deb8u1build0.18.04.1
16.04 LTS xenial
Fixed 20140202+stable-2+deb8u1build0.16.04.1
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.8 · High

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities