PT-2019-14262 · Rust · Pancurses

Published: 2019-06-15 · Updated: 2021-08-25 · CVE-2019-15546

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: pancurses versions through 0.16.1

Description: The issue is related to format string vulnerabilities in the printw and mvprintw functions. Specifically, pancurses::mvprintw and pancurses::printw pass a pointer from a Rust &str to C, allowing hostile input to execute a format string attack. This attack can trivially allow writing arbitrary data to stack memory.

Recommendations: For versions through 0.16.1, consider restricting the use of the pancurses::mvprintw and pancurses::printw functions until a patch is available to prevent format string attacks. As a temporary workaround, avoid using these functions with untrusted input to minimize the risk of exploitation.
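
Where text that may contain untrusted data still has to be displayed, one way to apply the workaround is to make every '%' inert before the string can reach a printf-style C function. The following is an added example, not pancurses code or the project's fix; the helper names count_directives and neutralise are hypothetical, and the sample strings are constructed.

```rust
// Added example, not pancurses code. `count_directives` and `neutralise`
// are hypothetical helper names.

/// Count the '%' characters a printf-style C function would treat as the
/// start of a conversion, i.e. every '%' that is not part of a "%%" pair.
pub fn count_directives(s: &str) -> usize {
    let mut n = 0;
    let mut chars = s.chars().peekable();
    while let Some(c) = chars.next() {
        if c == '%' {
            if chars.peek() == Some(&'%') {
                chars.next(); // "%%" prints one literal '%'
            } else {
                n += 1; // would read a variadic argument that was never passed
            }
        }
    }
    n
}

/// Make text inert when used as a printf-style format: double every '%'.
/// Interior NULs are dropped (a choice made in this example) because they
/// would end the C string early.
pub fn neutralise(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '%' => out.push_str("%%"),
            '\0' => {}
            _ => out.push(c),
        }
    }
    out
}

fn main() {
    // Constructed sample strings standing in for untrusted input.
    let samples = ["progress: 100%", "user=%s id=%d", "already %% escaped", "plain text"];
    for s in samples.iter() {
        let safe = neutralise(s);
        println!("{:?}: {} directive(s), neutralised {:?}: {}",
                 s, count_directives(s), safe, count_directives(&safe));
    }
}
```

Any string for which count_directives returns a non-zero value would have been interpreted as a format by the C side; after neutralise the count is always zero.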

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

CVE-2019-15546
GHSA-M57C-4VVX-GJGQ
RUSTSEC-2019-0005

Affected Products

Pancurses