CVE-2019-17595

Name
CVE-2019-17595
Description
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
Exploit https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
Third Party Advisory https://security.gentoo.org/glsa/202101-28

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:* ncurses >= None < 6.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ncurses 3.11-main 6.1_p20200118-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable