CVE Vulnerabilities

CVE-2019-6456

NULL Pointer Dereference

Published: Jan 16, 2019 | Modified: Jan 17, 2019
CVSS 3.x: 6.5 MEDIUM
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x: 4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name      Vendor  Start Version    End Version
Recutils  Gnu     1.8 (including)  1.8 (including)
Recutils  Ubuntu  bionic           *
Recutils  Ubuntu  cosmic           *
Recutils  Ubuntu  disco            *
Recutils  Ubuntu  eoan             *
Recutils  Ubuntu  groovy           *
Recutils  Ubuntu  hirsute          *
Recutils  Ubuntu  impish           *
Recutils  Ubuntu  kinetic          *
Recutils  Ubuntu  lunar            *
Recutils  Ubuntu  mantic           *
Recutils  Ubuntu  trusty           *
Recutils  Ubuntu  xenial           *
