CVE-2017-15364

Published: Oct 15, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.

Affected (1)

Products: Ccsv Project: Ccsv

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ccsv Project Ccsv	Version 1.1.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

https://github.com/evan/ccsv/commit/24e0b9b94c44a15b23475e821366239d53764dbd

Source: cve@mitre.org

https://github.com/evan/ccsv/commit/c59d960ffa6b742a0616a209442618462142e6c1#diff-e39824a4819928ff248d5e90a12d1b311db2923907171cdc0ad7058da12244d9R224

Source: cve@mitre.org

https://github.com/evan/ccsv/issues/15

Source: cve@mitre.org

Third Party Advisory

https://github.com/evan/ccsv/issues/15

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.