On 5/13/25 7:14 PM, Александр Ушаков wrote:
Dear Bash maintainers,

I recently reported a NULL-pointer dereference issue (leading to a segmentation fault) in Bash 5.2. Thank you for confirming the bug and working on a fix.

Could you clarify whether a CVE will be assigned for this vulnerability? If so, would you like me to request one through MITRE or another CNA, or will the Bash team handle the CVE assignment?
This does not require a CVE assignment.
For reference, I believe this qualifies for a CVE because:

* It is a reproducible crash (DoS) in a security-sensitive component (command interpreter).
If we follow this logic, every bug that crashes bash, even with fuzzing input like this one, requires a CVE, even if there's no privilege escalation.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU c...@case.edu http://tiswww.cwru.edu/~chet/