PT-2019-5181 · Ncurses+8 · Ncurses+8

Zjuchenyuan

Publicado

2019-10-13

Atualizado

2023-05-23

CVE-2019-17595

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions ncurses versions prior to 6.1-20191012

Description The issue is related to a heap-based buffer over-read in the fmt entry function in tinfo/comp hash.c of the terminfo library. This could allow a remote attacker to disclose protected information and cause a denial of service.

Recommendations For versions prior to 6.1-20191012, update to version 6.1-20191012 or later to resolve the issue. As a temporary workaround, consider restricting access to the fmt entry function in tinfo/comp hash.c until a patch is available.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALSA-2021:4426

ALT-PU-2020-3296

BDU:2020-01854

CESA-2021_4426

CVE-2019-17595

MGASA-2019-0387

OPENSUSE-SU-2019:2550-1

OPENSUSE-SU-2019:2551-1

OPENSUSE-SU-2019_2550-1

OPENSUSE-SU-2019_2551-1

RHSA-2021:4426

RHSA-2021_4426

RLSA-2021:4426

SUSE-SU-2019:2997-1

SUSE-SU-2019:3094-1

USN-5477-1

USN-6099-1

Produtos afetados

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Ncurses

PT-2019-5181 · Ncurses+8 · Ncurses+8

CVE-2019-17595

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 82