Описание
ncurses exposes uninitialized memory in string reading functions
Multiple string reading functions expose uninitialized memory by setting length to capacity when no null terminator is found.
This allows reading uninitialized memory which may contain sensitive data from previous allocations.
The ncurses-rs repository is archived and unmaintained.
Пакеты
Наименование
ncurses
rust
Затронутые версииВерсия исправления
<= 6.0.1
Отсутствует
5.5 Medium
CVSS4
Дефекты
CWE-125
5.5 Medium
CVSS4
Дефекты
CWE-125