CVE-2018-1000101

Name of the Vulnerable Software and Affected Versions: Mingw-w64 versions 5.0.3 and earlier, 5.0.4, 6.0.0, 7.0.0

Description: The issue is related to an Improper Null Termination in the mingw-w64-crt (libc) snprintf and (v)snprintf functions. This can lead to corruption of subsequent string functions. The attack appears to be exploitable via network, depending on usage, with the worst-case scenario being corruption.

Recommendations: For Mingw-w64 versions 5.0.3 and earlier: update to a version later than 5.0.3 to resolve the issue. For Mingw-w64 version 5.0.4: update to a version later than 5.0.4 to resolve the issue. For Mingw-w64 versions 6.0.0 and 7.0.0: update to a version later than 7.0.0 to resolve the issue. As a temporary workaround, consider restricting the use of the snprintf and (v)snprintf functions in mingw-w64-crt until a patch is available.