bug-ncurses

Re: Status of CVE-2018-19217


From: Thomas Dickey
Subject: Re: Status of CVE-2018-19217
Date: Mon, 15 Apr 2019 18:54:47 -0400
User-agent: Mutt/1.5.23 (2014-03-12)

On Mon, Apr 15, 2019 at 12:23:28PM +0200, Sylvain Beucler wrote:
> Hi,
> 
> As part of the Debian LTS project I'm triaging active ncurses
> vulnerabilities.
> 
> For CVE-2018-19217, it seems nobody is able to reproduce the bug:
> "In ncurses 6.1, there is a NULL pointer dereference at the function
> _nc_name_match that will lead to a denial of service attack."
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217
> https://bugzilla.redhat.com/show_bug.cgi?id=1643753
> 
> I myself couldn't find a 6.1 version that crashes on this POC.
> It was never properly reported to the ncurses project itself, so I'm
> doing that now.
> 
> Do you consider this bug valid?

no - it was reported in the wrong place, and I was unable to reproduce it.

> If not, I can request a rejection of this CVE.

sounds good

-- 
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net
