NULL Pointer Dereference Vulnerability in ncurses by the Vendor
CVE-2018-19217

6.5MEDIUM

Key Information:

Vendor: Gnu
Status: Ncurses
Vendor: CVE Published:; 12 November 2018

What is CVE-2018-19217?

In certain versions of ncurses, particularly 6.x, a vulnerability exists due to a NULL pointer dereference in the _nc_name_match function. This may allow an attacker to exploit the issue, potentially leading to a denial of service condition. While earlier reports indicated that version 6.1 was affected, the maintainer noted that the problem did not reproduce for that specific version according to reliable sources.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1643753

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2018
Vulnerability Reserved
Nov 12, 2018

Gnu

What is CVE-2018-19217?

References

CVSS V3.1

Timeline