CVE-2018-19211

CWE-476 — NULL Pointer Dereference CWE-119 — Buffer Overflow10 documents8 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 48.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Ncurses

Timeline

PublishedNov 12

Latest updateJun 14

Description

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianncurses< 6.1+20180210-3+3

▶NVDgnu/ncurses6.1

🔴Vulnerability Details

OSV

ncurses vulnerabilities↗2022-06-14

▶

GHSA

GHSA-g37h-6hrw-v99v: In ncurses 6↗2022-05-14

▶

CVEList

CVE-2018-19211: In ncurses 6↗2018-11-12

▶

OSV

CVE-2018-19211: In ncurses 6↗2018-11-12

▶

📋Vendor Advisories

Ubuntu

ncurses vulnerabilities↗2022-06-14

▶

Red Hat

ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c↗2018-10-28

▶

Debian

CVE-2018-19211: ncurses - In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry ...↗2018

▶

💬Community

Bugzilla

CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c [fedora-all]↗2018-11-22

▶

Bugzilla

CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c↗2018-11-22

▶