[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Status of CVE-2018-19217
From: |
Sylvain Beucler |
Subject: |
Status of CVE-2018-19217 |
Date: |
Mon, 15 Apr 2019 12:23:28 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 |
Hi,
As part of the Debian LTS project I'm triaging active ncurses
vulnerabilities.
For CVE-2018-19217, it seems nobody is able to reproduce the bug:
"In ncurses 6.1, there is a NULL pointer dereference at the function
_nc_name_match that will lead to a denial of service attack."
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217
https://bugzilla.redhat.com/show_bug.cgi?id=1643753
I myself couldn't find a 6.1 version that crashes on this POC.
It was never properly reported to the ncurses project itself, so I'm
doing that now.
Do you consider this bug valid?
If not, I can request a rejection of this CVE.
Cheers!
Sylvain Beucler
- Status of CVE-2018-19217,
Sylvain Beucler <=
- Re: Status of CVE-2018-19217, Thomas Dickey, 2019/04/15
- Re: Status of CVE-2018-19217, Sylvain Beucler, 2019/04/19
- Re: Status of CVE-2018-19217, Damien Guibouret, 2019/04/19
- Re: Status of CVE-2018-19217, Sylvain Beucler, 2019/04/20
- Re: Status of CVE-2018-19217, Damien Guibouret, 2019/04/20
- Re: Status of CVE-2018-19217, Damien Guibouret, 2019/04/20
- Re: Status of CVE-2018-19217, Sylvain Beucler, 2019/04/20
- Re: Status of CVE-2018-19217, Damien Guibouret, 2019/04/21
- Re: Status of CVE-2018-19217, Sylvain Beucler, 2019/04/23