Fluid Attacks Database

Description

The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gnulib	>=0 <20140202+stable-3.1	20140202+stable-3.1
debian 14	gnulib	>=0 <20140202+stable-3.1	20140202+stable-3.1
debian 11	gnulib	>=0 <20140202+stable-3.1	20140202+stable-3.1
debian 12	gnulib	>=0 <20140202+stable-3.1	20140202+stable-3.1

Aliases

1. CVE-2018-179422. NVD-2018-179423. OSV-DEBIAN-2018-179424. OSV-2018-179425. SECURITY-TRACKER-CVE-2018-17942

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.