Untrusted Pointer Dereference in GNU Recutils Affects Application Stability
CVE-2021-46019

5.5MEDIUM

Key Information:

Vendor
Gnu
Status
Recutils
Vendor
CVE Published:
14 January 2022

Summary

An untrusted pointer dereference vulnerability exists in the rec_db_destroy() function of rec-db.c in GNU Recutils v1.8.90. This flaw can result in a segmentation fault or lead to a crash of the associated application, posing a risk to system stability and availability. Proper input validation and pointer management should be implemented to mitigate this issue.

References

https://lists.gnu.org/archive/html/bug-recutils/2021-12/m...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.