Описание
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
A heap overflow vulnerability has been found in the ncurses package, particularly in the "tic". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.
Отчет
Red Hat Product Security has rated this issue as having a Low security impact because processing terminfo descriptions in the source form should be handled the same way as executable files or source code of any programming language. Users are not supposed to use untrusted terminfo descriptions.
Меры по смягчению последствий
Do not compile untrusted terminfo descriptions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ncurses | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ncurses | Out of support scope | ||
| Red Hat Enterprise Linux 8 | ncurses | Fix deferred | ||
| Red Hat Enterprise Linux 9 | ncurses | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...
EPSS
5.5 Medium
CVSS3