CVE-2019-17595

CWE-125 — Out-of-bounds Read CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow11 documents8 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 75.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Ncurses Opensuse Leap

Timeline

PublishedOct 14

Latest updateMay 23

Description

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶NVDgnu/ncurses< 6.2

▶Debianncurses< 6.1+20191019-1+3

▶NVDopensuse/leap15.0, 15.1+1

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

OSV

ncurses vulnerabilities↗2023-05-23

▶

GHSA

GHSA-mhrh-92mr-7rw4: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash↗2022-05-24

▶

CVEList

CVE-2019-17595: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash↗2019-10-14

▶

OSV

CVE-2019-17595: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash↗2019-10-14

▶

📋Vendor Advisories

Ubuntu

ncurses vulnerabilities↗2023-05-23

▶

Ubuntu

ncurses vulnerabilities↗2022-06-14

▶

Red Hat

ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c↗2019-10-11

▶

Debian

CVE-2019-17595: ncurses - There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_h...↗2019

▶

💬Community

Bugzilla

CVE-2019-17595 ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c↗2019-10-29

▶

Bugzilla

CVE-2019-17595 ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c [fedora-all]↗2019-10-29

▶