CVE-2019-11638

CWE-125Out-of-bounds ReadCWE-476NULL Pointer Dereference9 documents7 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Recutils
Timeline
PublishedMay 1
Latest updateDec 4

Description

An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Ubunturecutils< 1.7-1ubuntu0.1~esm1+3
NVDgnu/recutils1.8

🔴Vulnerability Details

4
OSV
recutils vulnerabilities2024-12-04
GHSA
GHSA-68jp-v8xx-q94v: An issue was discovered in GNU recutils 12022-05-24
CVEList
CVE-2019-11638: An issue was discovered in GNU recutils 12019-05-01
OSV
CVE-2019-11638: An issue was discovered in GNU recutils 12019-05-01

📋Vendor Advisories

2
Ubuntu
recutils vulnerabilities2024-12-04
Debian
CVE-2019-11638: recutils - An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference...2019

💬Community

2
Bugzilla
CVE-2019-11640 CVE-2019-11637 CVE-2019-11638 CVE-2019-11639 recutils: Multiple security issues2019-05-03
Bugzilla
CVE-2019-11640 CVE-2019-11637 CVE-2019-11638 CVE-2019-11639 recutils: Multiple security issues [fedora-all]2019-05-03
CVE-2019-11638 (MEDIUM CVSS 6.5) | An issue was discovered in GNU recu | cvebase.io