CVE-2019-17594

CWE-125 — Out-of-bounds Read CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow11 documents8 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 90.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Ncurses Opensuse Leap

Timeline

PublishedOct 14

Latest updateMay 23

Description

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages4 packages

▶NVDgnu/ncurses< 6.2

▶Debianncurses< 6.1+20191019-1+3

▶Ubuntuncurses< 6.1-1ubuntu1.18.04.1+4

▶NVDopensuse/leap15.0, 15.1+1

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

OSV

ncurses vulnerabilities↗2023-05-23

▶

GHSA

GHSA-wjvh-4293-hh6x: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash↗2022-05-24

▶

OSV

CVE-2019-17594: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash↗2019-10-14

▶

CVEList

CVE-2019-17594: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash↗2019-10-14

▶

📋Vendor Advisories

Ubuntu

ncurses vulnerabilities↗2023-05-23

▶

Ubuntu

ncurses vulnerabilities↗2022-06-14

▶

Red Hat

ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c↗2019-10-11

▶

Debian

CVE-2019-17594: ncurses - There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/c...↗2019

▶

💬Community

Bugzilla

CVE-2019-17594 ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c [fedora-all]↗2019-10-29

▶

Bugzilla

CVE-2019-17594 ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c↗2019-10-29

▶