PT-2019-5181 · Ncurses+8

Zjuchenyuan · Published 2019-10-13 · Updated 2023-05-23 · CVE-2019-17595

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions

ncurses versions prior to 6.1-20191012

Description

The issue is related to a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c of the terminfo library. This could allow a remote attacker to disclose protected information and cause a denial of service.

Recommendations

For versions prior to 6.1-20191012, update to version 6.1-20191012 or later to resolve the issue. As a temporary workaround, consider restricting access to the fmt_entry function in tinfo/comp_hash.c until a patch is available.

Exploit

Fix

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

ALSA-2021:4426
ALT-PU-2020-3296
BDU:2020-01854
CESA-2021_4426
CVE-2019-17595
MGASA-2019-0387
OPENSUSE-SU-2019:2550-1
OPENSUSE-SU-2019:2551-1
OPENSUSE-SU-2019_2550-1
OPENSUSE-SU-2019_2551-1
RHSA-2021:4426
RHSA-2021_4426
RLSA-2021:4426
SUSE-SU-2019:2997-1
SUSE-SU-2019:3094-1
USN-5477-1
USN-6099-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu
Ncurses