CVE-2020-19190Out-of-bounds Write in Ncurses

CWE-787Out-of-bounds WriteCWE-122Heap-based Buffer Overflow11 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
6.2%
top 9.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Ncurses
Timeline
PublishedAug 22
Latest updateDec 11

Description

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debiangnu/ncurses< 6.1+20191019-1+3
NVDgnu/ncurses6.1

🔴Vulnerability Details

3
CVEList
CVE-2020-19190: Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash2023-08-22
OSV
CVE-2020-19190: Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash2023-08-22
GHSA
GHSA-98qx-ffph-f5mh: Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash2023-08-22

📋Vendor Advisories

7
Apple
CVE-2020-19190: macOS Ventura 13.6.32023-12-11
Apple
CVE-2023-42838: macOS Ventura 13.6.32023-12-11
Apple
CVE-2020-19190: macOS Sonoma 14.22023-12-11
Apple
CVE-2020-19190: macOS Monterey 12.7.22023-12-11
Apple
CVE-2023-42838: macOS Monterey 12.7.22023-12-11
CVE-2020-19190 — Out-of-bounds Write in GNU Ncurses | cvebase