CVE-2020-19186

CWE-787Out-of-bounds WriteCWE-125Out-of-bounds Read9 documents7 sources
Severity
6.5MEDIUM
EPSS
6.2%
top 9.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Ncurses
Timeline
PublishedAug 22
Latest updateDec 11

Description

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianncurses< 6.1+20191019-1+3
NVDgnu/ncurses6.1

🔴Vulnerability Details

3
GHSA
GHSA-pp24-hg2j-66jm: Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash2023-08-22
OSV
CVE-2020-19186: Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash2023-08-22
CVEList
CVE-2020-19186: Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash2023-08-22

📋Vendor Advisories

5
Apple
CVE-2020-19186: macOS Ventura 13.6.32023-12-11
Apple
CVE-2020-19186: macOS Monterey 12.7.22023-12-11
Apple
CVE-2020-19186: macOS Sonoma 14.22023-12-11
Debian
CVE-2020-19186: ncurses - Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66...2020
Red Hat
ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:662019-05-03