Описание
A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ncurses | Will not fix | ||
| Red Hat Enterprise Linux 6 | ncurses | Will not fix | ||
| Red Hat Enterprise Linux 7 | ncurses | Fix deferred | ||
| Red Hat Enterprise Linux 8 | ncurses | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1576119ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c.
2.8 Low
CVSS3
Связанные уязвимости
ubuntu
почти 8 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
nvd
почти 8 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
2.8 Low
CVSS3