CVE-2018-19217
Published: 12 November 2018
** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.
Notes
Author | Note |
---|---|
ccdm94 | For xenial and trusty the issue reproduces for the release version of the package with the provided POC file. However, patches applied to fix the CVE group CVE-2017-137xx and the CVE group CVE-2017-1068x have most likely fixed the currently considered vulnerability as well, with the reproducer no longer causing a segmentation fault for versions of the package that include these patches. This means that within the fixes present in the already applied patches was the fix for this CVE as well. |
Priority
Status
Package | Release | Status |
---|---|---|
ncurses Launchpad, Ubuntu, Debian | bionic | Not vulnerable (6.1-1ubuntu1) |
 | cosmic | Not vulnerable (6.1-1ubuntu1) |
 | disco | Not vulnerable (6.1-1ubuntu1) |
 | eoan | Not vulnerable (6.1-1ubuntu1) |
 | focal | Not vulnerable (6.2-0ubuntu2) |
 | groovy | Not vulnerable (6.2-0ubuntu2) |
 | hirsute | Not vulnerable (6.2-0ubuntu2) |
 | impish | Not vulnerable (6.2+20201114-2build1) |
 | jammy | Not vulnerable (6.3-2) |
 | trusty | Released (5.9+20140118-1ubuntu1+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
 | upstream | Released (6.0-20170701) |
 | xenial | Released (6.0+20160213-1ubuntu1+esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
Patches: upstream: https://github.com/mirror/ncurses/commit/b22573b1ba4b51da883fa5f805b52f153fa5fae9
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |