CVE-2019-17595
Description
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
EPSS Score
Exploitation Probability
0.086
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses5-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses5-32bit-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses5-debuginfo-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses5-debuginfo-32bit-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses6-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses6-32bit-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses6-debuginfo-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) libncurses6-debuginfo-32bit-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) ncurses-debugsource-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) ncurses-devel-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) ncurses-devel-debuginfo-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) ncurses-utils-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) ncurses-utils-debuginfo-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) tack-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) tack-debuginfo-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) terminfo-5.9-69.1.x86_64.rpm | Linux |
| SUSE-SU-2019:3094-1(SUSE Linux Enterprise Desktop 12-SP4 ) terminfo-base-5.9-69.1.x86_64.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-6.1-9.20180224.el8.x86_64.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-base-6.1-9.20180224.el8.noarch.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-libs-6.1-9.20180224.el8.i686.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-libs-6.1-9.20180224.el8.x86_64.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-term-6.1-9.20180224.el8.noarch.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-devel-6.1-9.20180224.el8.i686.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-devel-6.1-9.20180224.el8.x86_64.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-c++-libs-6.1-9.20180224.el8.i686.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-c++-libs-6.1-9.20180224.el8.x86_64.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-compat-libs-6.1-9.20180224.el8.i686.rpm | Linux |
| ncurses security update (RLSA-2021:4426) ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234