Sorry, I can't find a suitable component for this bug, and I selected binutils.

1) The file path containing this vulnerability: intl/l10nflist.c
2) Line number: 433
3) Code fragment (from line 415 to line 433):

    retval = (char *) malloc ((only_digit ? 3 : 0) + len + 1);

    if (retval != NULL)
      {
        if (only_digit)
          wp = stpcpy (retval, "iso");
        else
          wp = retval;

        for (cnt = 0; cnt < name_len; ++cnt)
          if (isalpha ((unsigned char) codeset[cnt]))
            *wp++ = tolower ((unsigned char) codeset[cnt]);
          else if (isdigit ((unsigned char) codeset[cnt]))
            *wp++ = codeset[cnt];

        *wp = '\0';
      }

    return (const char *) retval;

4) Short description: The variable "retval" is assigned at line 415 via the function "malloc". Although it is sanity-checked, this function can still return a NULL pointer if retval is NULL. The "_nl_normalize_codeset" function is called at line 115, "*normalized_codeset = _nl_normalize_codeset (*codeset, cp - *codeset);", in file intl/explodename.c. If the variable normalized_codeset is NULL, then the following strcmp function will have a NULL pointer argument and a NULL pointer dereference vulnerability occurs.
The version is the newest, 2.23.1, but I can't find it in the version list.
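The failure path the report describes, as an added example that is not part of the original report or the binutils sources: a reimplementation of the normalization routine together with a caller that checks for NULL before calling strcmp. The `alloc_fn` hook, `failing_alloc` and `codeset_differs` are hypothetical names, and the counting loop ahead of the quoted fragment is reconstructed as an assumption.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the out-of-memory path can be forced. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void) n; return NULL; }

/* Same shape as the quoted fragment: returns NULL when allocation fails. */
static char *normalize_codeset(const char *codeset, size_t name_len, alloc_fn alloc)
{
    size_t len = 0, cnt;
    int only_digit = 1;
    char *retval, *wp;
    /* Counting pass (assumed; it precedes the lines quoted in the report). */
    for (cnt = 0; cnt < name_len; ++cnt)
        if (isalnum((unsigned char) codeset[cnt])) {
            ++len;
            if (isalpha((unsigned char) codeset[cnt]))
                only_digit = 0;
        }

    retval = alloc((only_digit ? 3 : 0) + len + 1);
    if (retval == NULL)
        return NULL;                /* the caller has to handle this */
    wp = retval;
    if (only_digit)                 /* digits-only names get an "iso" prefix */
        wp = (char *) memcpy(retval, "iso", 3) + 3;
    for (cnt = 0; cnt < name_len; ++cnt)
        if (isalpha((unsigned char) codeset[cnt]))
            *wp++ = (char) tolower((unsigned char) codeset[cnt]);
        else if (isdigit((unsigned char) codeset[cnt]))
            *wp++ = codeset[cnt];
    *wp = '\0';
    return retval;
}

/* Guarded caller: 1 = normalized form differs, 0 = same, -1 = out of memory. */
static int codeset_differs(const char *codeset, alloc_fn alloc)
{
    char *norm = normalize_codeset(codeset, strlen(codeset), alloc);
    int differs;

    if (norm == NULL)
        return -1;                  /* never hand NULL to strcmp */
    differs = strcmp(codeset, norm) != 0;
    free(norm);
    return differs;
}
```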