Mingw W64 · Mingw-W64 · CVE-2018-1000101
Name of the Vulnerable Software and Affected Versions:
Mingw-w64 versions 5.0.3 and earlier, 5.0.4, 6.0.0, 7.0.0
Description:
The issue is an Improper Null Termination flaw in the `(v)snprintf` functions (`snprintf` and `vsnprintf`) of `mingw-w64-crt` (libc). This can lead to corruption in subsequent string function calls. Depending on how the functions are used, the attack appears to be exploitable over the network; the worst-case outcome is corruption.
Recommendations:
For Mingw-w64 versions 5.0.3 and earlier: update to a version later than 5.0.3 to resolve the issue.
For Mingw-w64 version 5.0.4: update to a version later than 5.0.4 to resolve the issue.
For Mingw-w64 versions 6.0.0 and 7.0.0: update to a version later than 7.0.0 to resolve the issue.
As a temporary workaround, consider restricting the use of the `snprintf` and `(v)snprintf` functions in `mingw-w64-crt` until a patch is available.
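One way to apply this workaround while an affected toolchain is still in use, shown as an added example that is not code from the Mingw-w64 project: route formatting through a wrapper that forces termination, and probe the linked CRT at start-up. `checked_snprintf` and `crt_snprintf_terminates` are hypothetical names, and the probe assumes the flaw shows up as a missing NUL when the output is truncated.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a mingw-w64 API: format into buf and force a
 * terminating NUL whatever the CRT did.
 * Returns 0 = complete, 1 = truncated, -1 = bad arguments or CRT error. */
int checked_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    buf[size - 1] = '\0';   /* never hand back an unterminated buffer */

    if (n < 0)
        return -1;          /* error, or a legacy CRT reporting overflow */
    return (size_t)n >= size ? 1 : 0;
}

/* Start-up probe (assumed failure mode: no NUL written on truncation):
 * 1 if the linked CRT terminated a truncated result, 0 if it did not. */
int crt_snprintf_terminates(void)
{
    char buf[8];
    volatile size_t limit = 4;              /* smaller than the input below */

    memset(buf, 'X', sizeof buf);           /* no stray NUL bytes in buf */
    snprintf(buf, limit, "%s", "abcdefgh"); /* constructed over-long input */
    return buf[3] == '\0';
}

int main(void)
{
    char out[6];
    int rc = checked_snprintf(out, sizeof out, "%s", "hello world");

    printf("CRT terminates on truncation: %d\n", crt_snprintf_terminates());
    printf("rc=%d out=\"%s\"\n", rc, out);
    return crt_snprintf_terminates() ? 0 : 1;
}
```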