Description
A buffer overflow vulnerability in the fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command.
A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.
Statement
Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions. The ncurses library shipped with Red Hat Enterprise Linux 9 is not affected by this vulnerability because it has a newer, fixed ncurses version.
Mitigation
Do not compile or decompile untrusted terminfo descriptions.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ncurses | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ncurses | Out of support scope | | |
| Red Hat Enterprise Linux 8 | ncurses | Will not fix | | |
| Red Hat Enterprise Linux 9 | ncurses | Not affected | | |
Additional information
Status:
EPSS
6.5 Medium
CVSS3