CVE-2023-29491

Name of the Vulnerable Software and Affected Versions ncurses versions prior to 6.4 20230408

Description The issue is related to security-relevant memory corruption via malformed data in a terminfo database file. This can be triggered by local users when the software is used by a setuid application. The corruption can occur when the software accesses files found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variables. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For ncurses versions prior to 6.4 20230408, update to version 6.4 20230408 or later to resolve the issue. As a temporary workaround, consider restricting access to the terminfo database files and environment variables TERMINFO and TERM to minimize the risk of exploitation. Avoid using malformed data in the terminfo database files until the issue is resolved.