Heap-Based Buffer Over-Read in Ncurses Terminfo Library by GNU
CVE-2019-17594

5.3MEDIUM

Key Information:

Vendor

Gnu
Status
Ncurses
Vendor
CVE Published:
14 October 2019

What is CVE-2019-17594?

A heap-based buffer over-read vulnerability exists in the _nc_find_entry function within the terminfo library of the ncurses package. This flaw could allow an attacker to read sensitive data from memory, potentially exposing information that should remain confidential. The vulnerability affects ncurses versions before 6.1-20191012, making it imperative for users to upgrade to the latest version to mitigate risks associated with this security issue.

References

https://lists.gnu.org/archive/html/bug-ncurses/2019-10/ms...
x_refsource_MISC
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/ms...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.