CVE-2019-6460

MEDIUM

GNU Recutils - NULL Pointer Dereference

Title source: rule

Description

An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.

References (1)

[Exploit, Third Party Advisory] https://github.com/TeamSeri0us/pocs/tree/master/recutils

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0018

EPSS Percentile 39.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (1)

gnu/recutils

Timeline

Published Jan 16, 2019

Tracked Since Feb 18, 2026