Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2018-1000101

Published: Mar 06, 2018 | Modified: Sep 08, 2021
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000101
CWEhttps://cwe.mitre.org/data/definitions/.html

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network.

Affected Software

Name Vendor Start Version End Version
Mingw-w64 Mingw-w64 * 5.0.3 (including)
Mingw-w64 Ubuntu artful *
Mingw-w64 Ubuntu bionic *
Mingw-w64 Ubuntu cosmic *
Mingw-w64 Ubuntu disco *
Mingw-w64 Ubuntu eoan *
Mingw-w64 Ubuntu groovy *
Mingw-w64 Ubuntu hirsute *
Mingw-w64 Ubuntu impish *
Mingw-w64 Ubuntu kinetic *
Mingw-w64 Ubuntu lunar *
Mingw-w64 Ubuntu mantic *
Mingw-w64 Ubuntu trusty *
Mingw-w64 Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use