Description
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Report
The impact of this CVE is rated Moderate for several reasons that make it difficult to exploit or limit its consequences:
- The only outcome is memory corruption possibly leading to a crash
- There is no trace of privilege escalation
- It cannot be triggered remotely; an attacker must have local access
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | ncurses | Out of support scope | | |
Red Hat Enterprise Linux 7 | ncurses | Out of support scope | | |
Red Hat Enterprise Linux 8 | ncurses | Fixed | RHSA-2023:5249 | 19.09.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | ncurses | Fixed | RHSA-2024:0416 | 25.01.2024 |
Red Hat Enterprise Linux 9 | ncurses | Fixed | RHSA-2023:6698 | 07.11.2023 |
Red Hat Enterprise Linux 9.2 Extended Update Support | ncurses | Fixed | RHSA-2023:7361 | 21.11.2023 |
Additional information
Status:
7.8 High
CVSS3