CVE-2019-15547Use of Externally-Controlled Format String in Project Ncurses

CWE-134Use of Externally-Controlled Format String7 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 53.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ncurses Project NcursesGNU Ncurses
Timeline
PublishedAug 26
Latest updateAug 25

Description

An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

crates.iognu/ncurses5.101.0+1

🔴Vulnerability Details

6
OSV
Mishandling of format strings in ncurses2021-08-25
GHSA
Mishandling of format strings in ncurses2021-08-25
OSV
Buffer overflow and format vulnerabilities in ncurses2021-08-25
OSV
CVE-2019-15547: An issue was discovered in the ncurses crate through 52019-08-26
CVEList
CVE-2019-15547: An issue was discovered in the ncurses crate through 52019-08-26
CVE-2019-15547 — Ncurses Project Ncurses vulnerability | cvebase