CVE-2018-19217

CWE-476NULL Pointer DereferenceCWE-119Buffer Overflow8 documents7 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 39.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Ncurses
Timeline
PublishedNov 12
Latest updateMay 14

Description

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianncurses< 6.0+20170701-1+3
NVDgnu/ncurses6.1

🔴Vulnerability Details

3
GHSA
GHSA-gm6j-8p43-6m5w: ** DISPUTED ** In ncurses, possibly a 62022-05-14
OSV
CVE-2018-19217: In ncurses, possibly a 62018-11-12
CVEList
CVE-2018-19217: In ncurses, possibly a 62018-11-12

📋Vendor Advisories

2
Red Hat
ncurses: Null pointer dereference at function _nc_name_match2018-11-12
Debian
CVE-2018-19217: ncurses - In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the f...2018

💬Community

2
Bugzilla
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match [fedora-all]2018-11-22
Bugzilla
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match2018-11-22