CVE-2018-1000101 - Vulnerability Details - OpenCVE

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mingw-w64	Mingw-w64

Configuration 1 [-]

cpe:2.3:a:mingw-w64:mingw-w64:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json
https://sourceforge.net/p/mingw-w64/bugs/709/
https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa
https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15
https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-06T17:00:00

Updated: 2024-08-05T12:33:49.308Z

Reserved: 2018-03-06T00:00:00

Link: CVE-2018-1000101

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-06T17:29:00.260

Modified: 2024-11-21T03:39:38.967

Link: CVE-2018-1000101

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-02-24T00:00:00", "datePublic": "2018-03-06T00:00:00", "descriptions": [{"lang": "en", "value": "Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-08T11:10:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12"}, {"tags": ["x_refsource_MISC"], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/mingw-w64/bugs/709/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2/24/2018 6:28:21", "ID": "CVE-2018-1000101", "REQUESTER": "mail@dmnk.co", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa", "refsource": "MISC", "url": "https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa"}, {"name": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15", "refsource": "MISC", "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15"}, {"name": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12", "refsource": "MISC", "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12"}, {"name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json", "refsource": "MISC", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json"}, {"name": "https://sourceforge.net/p/mingw-w64/bugs/709/", "refsource": "MISC", "url": "https://sourceforge.net/p/mingw-w64/bugs/709/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:33:49.308Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/mingw-w64/bugs/709/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000101", "datePublished": "2018-03-06T17:00:00", "dateReserved": "2018-03-06T00:00:00", "dateUpdated": "2024-08-05T12:33:49.308Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mingw-w64:mingw-w64:*:*:*:*:*:*:*:*", "matchCriteriaId": "175CC4AF-74AC-4E7C-A26F-5EF10682C3D6", "versionEndIncluding": "5.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network."}, {"lang": "es", "value": "Mingw-w64 versi\u00f3n 5.0.3 y anteriores, versi\u00f3n 5.0.4, 6.0.0 y 7.0.0 contiene una vulnerabilidad de Terminaci\u00f3n Nula Impropia (CWE-170) en mingw-w64-crt (libc)->(v)snprintf que puede resultar en El fallo puede ser utilizado para corromper funciones de cadena posteriores. Este ataque parece ser explotable a trav\u00e9s de Dependiendo del uso, el peor caso: red"}], "id": "CVE-2018-1000101", "lastModified": "2024-11-21T03:39:38.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-06T17:29:00.260", "references": [{"source": "cve@mitre.org", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json"}, {"source": "cve@mitre.org", "url": "https://sourceforge.net/p/mingw-w64/bugs/709/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000101.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sourceforge.net/p/mingw-w64/bugs/709/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://sourceforge.net/p/mingw-w64/bugs/709/?limit=25#1d38/fefc/39aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/snprintf.c#l15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://sourceforge.net/p/mingw-w64/mingw-w64/ci/v5.x/tree/mingw-w64-crt/stdio/vsnprintf.c#l12"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}