Hide Forgot
Adding four CVE's: CVE-2019-11640: An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. CVE-2019-11639: An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. CVE-2019-11638: An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. CVE-2019-11637: An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. References: https://github.com/TeamSeri0us/pocs/blob/master/recutils/bug-report-recutils/ https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/recfix https://github.com/TeamSeri0us/pocs/tree/master/recutils/bug-report-recutils/rec2csv
Created recutils tracking bugs for this issue: Affects: fedora-all [bug 1705944]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.