CVE-2019-17595

5.4MEDIUM

Key Information:

Vendor: Gnu
Status: Ncurses
Vendor: CVE Published:; 14 October 2019

Summary

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

References

https://lists.gnu.org/archive/html/bug-ncurses/2019-10/ms...

x_refsource_MISC

https://lists.gnu.org/archive/html/bug-ncurses/2019-10/ms...

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2019
Vulnerability Reserved
Oct 14, 2019

.