Описание
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
Отчет
This vulnerability was rated as LOW severity because it requires the victim to open a specially crafted file. While it doesn’t allow full system compromise, it can cause the application to crash temporarily.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | ncurses | Will not fix | ||
| Red Hat Enterprise Linux 6 | ncurses | Will not fix | ||
| Red Hat Enterprise Linux 7 | ncurses | Will not fix | ||
| Red Hat Enterprise Linux 8 | ncurses | Will not fix |
Показывать по
Дополнительная информация
Статус:
4.7 Medium
CVSS3
Связанные уязвимости
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...
4.7 Medium
CVSS3