There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html | Third Party Advisory |
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html | Exploit Mailing List Third Party Advisory |
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html | Mailing List Patch Third Party Advisory |
https://security.gentoo.org/glsa/202101-28 | Third Party Advisory |
Configurations
History
10 Feb 2021, 15:13
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202101-28 - Third Party Advisory |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-10-14 21:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-17594
Mitre link : CVE-2019-17594
CVE.ORG link : CVE-2019-17594
JSON object : View
Products Affected
opensuse
- leap
gnu
- ncurses
CWE
CWE-125
Out-of-bounds Read