Vulnerabilities > CVE-2018-19211 - NULL Pointer Dereference vulnerability in GNU Ncurses 6.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1516.NASL description This update for ncurses fixes the following issues : Security issue fixed : - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed : - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-12-10 plugin id 119545 published 2018-12-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119545 title openSUSE Security Update : ncurses (openSUSE-2018-1516) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2420.NASL description According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.(CVE-2019-17594) - There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.(CVE-2019-17595) - In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.(CVE-2017-10684) - In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.(CVE-2017-10685) - In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.(CVE-2017-11112) - In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.(CVE-2017-11113) - There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.(CVE-2017-13728) - There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.(CVE-2017-13729) - There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13730) - There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13731) - There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13732) - There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13733) - There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13734) - In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a last seen 2020-05-08 modified 2019-12-10 plugin id 131912 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131912 title EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2019-2420) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1509.NASL description This update for ncurses fixes the following issue : Security issue fixed : - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-12-10 plugin id 119542 published 2018-12-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119542 title openSUSE Security Update : ncurses (openSUSE-2018-1509) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-984.NASL description This update for ncurses fixes the following issues : Security issue fixed : - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed : - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123401 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123401 title openSUSE Security Update : ncurses (openSUSE-2019-984) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3967-1.NASL description This update for ncurses fixes the following issue : Security issue fixed : CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-13 modified 2018-12-04 plugin id 119335 published 2018-12-04 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119335 title SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:3967-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-4000-1.NASL description This update for ncurses fixes the following issues : Security issue fixed : CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-02 plugin id 120179 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120179 title SUSE SLED15 / SLES15 Security Update : ncurses (SUSE-SU-2018:4000-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2634.NASL description According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a last seen 2020-05-08 modified 2019-12-18 plugin id 132169 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132169 title EulerOS 2.0 SP3 : ncurses (EulerOS-SA-2019-2634)