Vulnerability Details CVE-2019-17595
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.8
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
- https://security.gentoo.org/glsa/202101-28
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
- https://security.gentoo.org/glsa/202101-28
Products affected by CVE-2019-17595
-
cpe:2.3:a:gnu:ncurses:-
-
cpe:2.3:a:gnu:ncurses:4.0
-
cpe:2.3:a:gnu:ncurses:4.1
-
cpe:2.3:a:gnu:ncurses:4.2
-
cpe:2.3:a:gnu:ncurses:5.0
-
cpe:2.3:a:gnu:ncurses:5.1
-
cpe:2.3:a:gnu:ncurses:5.2.
-
cpe:2.3:a:gnu:ncurses:5.3
-
cpe:2.3:a:gnu:ncurses:5.4
-
cpe:2.3:a:gnu:ncurses:5.5
-
cpe:2.3:a:gnu:ncurses:5.6
-
cpe:2.3:a:gnu:ncurses:5.7
-
cpe:2.3:a:gnu:ncurses:5.8
-
cpe:2.3:a:gnu:ncurses:5.9
-
cpe:2.3:a:gnu:ncurses:6.0
-
cpe:2.3:a:gnu:ncurses:6.1
-
cpe:2.3:a:gnu:ncurses:6.1.20180414
-
cpe:2.3:a:gnu:ncurses:6.1.20191012
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:opensuse:leap:15.1