There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html | Third Party Advisory |
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html | Exploit Mailing List Vendor Advisory |
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html | Mailing List Patch Vendor Advisory |
https://security.gentoo.org/glsa/202101-28 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-10-14 21:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-17595
Mitre link : CVE-2019-17595
CVE.ORG link : CVE-2019-17595
JSON object : View
Products Affected
opensuse
- leap
gnu
- ncurses
CWE
CWE-125
Out-of-bounds Read