CVE-2019-17594
Published 2019-10-14

CVE-2019-17594: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Medium, 5.3 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ncurses | < ncurses 6.1+20191019-1 (bookworm) | ncurses 6.1+20191019-1 (bookworm) |
| gnu | ncurses | < 6.2 | 6.2 |
| gnu | ncurses | >= 0 < 6.1+20191019-1 | 6.1+20191019-1 |
| gnu | ncurses | >= 0 < 6.1+20191019-1 | 6.1+20191019-1 |
| gnu | ncurses | >= 0 < 6.1+20191019-1 | 6.1+20191019-1 |
| gnu | ncurses | >= 0 < 6.1+20191019-1 | 6.1+20191019-1 |
| gnu | ncurses | >= 0 < 6.1-1ubuntu1.18.04.1 | 6.1-1ubuntu1.18.04.1 |
| gnu | ncurses | >= 0 < 6.2-0ubuntu2.1 | 6.2-0ubuntu2.1 |
| gnu | ncurses | >= 0 < 6.3-2ubuntu0.1 | 6.3-2ubuntu0.1 |
| gnu | ncurses | >= 0 < 5.9+20140118-1ubuntu1+esm3 | 5.9+20140118-1ubuntu1+esm3 |
| gnu | ncurses | >= 0 < 5.9+20140118-1ubuntu1+esm2 | 5.9+20140118-1ubuntu1+esm2 |
| gnu | ncurses | >= 0 < 6.0+20160213-1ubuntu1+esm3 | 6.0+20160213-1ubuntu1+esm3 |
| gnu | ncurses | >= 0 < 6.0+20160213-1ubuntu1+esm2 | 6.0+20160213-1ubuntu1+esm2 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
osv: 7.8 HIGH