CVE-2018-17144 was a bug that could have allowed an attacker to spend the same BTC more than once.
An optimization included in Bitcoin Core 0.14.0 skipped a check on newly-received blocks that was thought to be redundant, making the node willing to partly process blocks that tried to spend the same input more than once. This would trigger some code meant to catch unexpected node operation and cause the node to deliberately crash. This allowed a denial-of-service attack that could be exploited by miners.
The code meant to catch unexpected operation (an assert) was rewritten for Bitcoin Core 0.15.0, unintentionally allowing the node to continue operation in the case of duplication inputs. This allowed a miner to spend the same BTC more than once.
These changes were ported to Bitcoin Cash as well.
The vulnerability was discovered and disclosed by Bitcoin Cash developer Awemany on September 17th, 2018. Patches were available within hours, and a binary release for the current release branch within 36 hours. After several developers reviewing the patch were able to reverse engineer the bug and discover the inflation risk, a full disclosure was made by Bitcoin Core developers on September 20th, 2018.
The bug was never exploited on the Bitcoin Core nor Bitcoin Cash mainnet and an overwhelming majority of full nodes subsequently updated to unaffected versions of Bitcoin Core / Bitcoin Cash
After the full disclosure, the bug was exploited on Bitcoin Core testnet, causing any nodes still running Bitcoin Core 0.14.x to crash and nodes running 0.15.0 to 0.16.2 to accept a transaction that spent the same funds more than once. When testnet miners managed to produce a valid chain with more proof-of-work than the invalid chain, those non-upgraded nodes attempted to switch to the new chain but were unable to fully un-spend a double-spent input. This left the old testnet nodes stuck on a lower-proof-of-work block chain, requiring manual user intervention to fix them.