CVE-2019-15547

Name of the Vulnerable Software and Affected Versions ncurses versions through 5.99.0

Description The issue is related to format string problems in printw functions due to the mishandling of C format arguments. Additionally, there are buffer overflow issues because buffers without length are passed to C functions, and rust &str is passed to strings expecting C format arguments, allowing for format string attacks. This can lead to writing arbitrary data to stack memory.

Recommendations For versions through 5.99.0, consider disabling the use of functions in the printw family and functions like instr, mvwinstr, etc., until a patch is available to prevent buffer overflows and format string attacks. Restrict access to the vulnerable functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.