Vulnerability Details CVE-2018-20542
There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1652633
- https://bugzilla.redhat.com/show_bug.cgi?id=1652635
- https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
- https://github.com/hfp/libxsmm/issues/287
- https://bugzilla.redhat.com/show_bug.cgi?id=1652633
- https://bugzilla.redhat.com/show_bug.cgi?id=1652635
- https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
- https://github.com/hfp/libxsmm/issues/287
Products affected by CVE-2018-20542
-
cpe:2.3:a:libxsmm_project:libxsmm:1.10