CVE-2019-17594

5.3MEDIUM

Key Information:

Vendor: Gnu
Status: Ncurses
Vendor: CVE Published:; 14 October 2019

Summary

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

References

https://lists.gnu.org/archive/html/bug-ncurses/2019-10/ms...

x_refsource_MISC

https://lists.gnu.org/archive/html/bug-ncurses/2019-10/ms...

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2019
Vulnerability Reserved
Oct 14, 2019

.