bug-ncurses

Re: Status of CVE-2018-19217


From: Sylvain Beucler
Subject: Re: Status of CVE-2018-19217
Date: Fri, 19 Apr 2019 12:28:28 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Hi,

On 16/04/2019 00:54, Thomas Dickey wrote:
> On Mon, Apr 15, 2019 at 12:23:28PM +0200, Sylvain Beucler wrote:
>> As part of the Debian LTS project I'm triaging active ncurses
>> vulnerabilities.
>>
>> For CVE-2018-19217, it seems nobody is able to reproduce the bug:
>> "In ncurses 6.1, there is a NULL pointer dereference at the function
>> _nc_name_match that will lead to a denial of service attack."
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19217
>> https://bugzilla.redhat.com/show_bug.cgi?id=1643753
>>
>> I myself couldn't find a 6.1 version that crashes on this POC.
>> It was never properly reported to the ncurses project itself, so I'm
>> doing that now.
>>
>> Do you consider this bug valid?
> no - it was reported in the wrong place, and I was unable to reproduce it.
>
>> If not, I can request a rejection of this CVE.
> sounds good
MITRE now marks it as "** DISPUTED **".
Not much more I can do AFAIK.

Thanks!
- Sylvain



