CVE-2021-46019NULL Pointer Dereference in Recutils

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUMNVD
OSV6.5
EPSS
0.2%
top 53.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU RecutilsFedoraproject Fedora
Timeline
PublishedJan 14
Latest updateDec 4

Description

An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

Ubuntugnu/recutils< 1.7-1ubuntu0.1~esm1+3
NVDgnu/recutils1.8.90

Also affects: Fedora 35, 36

🔴Vulnerability Details

4
OSV
recutils vulnerabilities2024-12-04
GHSA
GHSA-r3fv-4xwj-9xf2: An untrusted pointer dereference in rec_db_destroy() at rec-db2022-01-15
CVEList
CVE-2021-46019: An untrusted pointer dereference in rec_db_destroy() at rec-db2022-01-14
OSV
CVE-2021-46019: An untrusted pointer dereference in rec_db_destroy() at rec-db2022-01-14

📋Vendor Advisories

2
Ubuntu
recutils vulnerabilities2024-12-04
Debian
CVE-2021-46019: recutils - An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils...2021
CVE-2021-46019 — NULL Pointer Dereference in Recutils | cvebase