CVE-2023-45925
Public on 2024-03-27
Modified on 2024-08-09
Description
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).
Amazon Linux has assessed CVE-2023-45925 for mc in both Amazon Linux 2023 and Amazon Linux 2. We align with the conclusion from upstream that it is a usability issue rather than a security issue. The silent crash caused in this is concluded to be non-fatal. Thus no fix will be provided for mc for both AL2023 and AL2 at this time.
Amazon Linux has assessed CVE-2023-45925 for mc in both Amazon Linux 2023 and Amazon Linux 2. We align with the conclusion from upstream that it is a usability issue rather than a security issue. The silent crash caused in this is concluded to be non-fatal. Thus no fix will be provided for mc for both AL2023 and AL2 at this time.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | mc | No Fix Planned | ||
| Amazon Linux 2 - Core | mc | No Fix Planned | ||
| Amazon Linux 2023 | mc | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |