Skip to main content

Ncurses CVE-2018-19217

MEDIUM
NULL Pointer Dereference (CWE-476)
2018-11-12 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 12, 2018 - 19:29 nvd
MEDIUM 6.5

DescriptionNVD

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party

AnalysisAI

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party Affected products include: Gnu Ncurses. Version information: version 6.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2021-39537 HIGH POC
8.8 Sep 20

An issue was discovered in ncurses through v6.2-1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2023-29491 HIGH POC
7.8 Apr 14

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory c

CVE-2017-11113 HIGH POC
7.5 Jul 08

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. Rated high s

CVE-2017-13728 HIGH POC
7.5 Aug 29

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. Rated high severit

CVE-2022-29458 HIGH POC
7.1 Apr 18

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_

CVE-2017-13733 MEDIUM POC
6.5 Aug 29

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a r

CVE-2017-13731 MEDIUM POC
6.5 Aug 29

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead

CVE-2017-13729 MEDIUM POC
6.5 Aug 29

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. Rated medium severity (

CVE-2017-13732 MEDIUM POC
6.5 Aug 29

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a

CVE-2017-13730 MEDIUM POC
6.5 Aug 29

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead

CVE-2017-13734 MEDIUM POC
6.5 Aug 29

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remot

CVE-2017-10684 CRITICAL
9.8 Jun 29

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. Rated critical severity (CVSS 9.8), th

Share

CVE-2018-19217 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy