CVE-2019-17595

EUVD-2019-7923
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
gnuncurses
𝑥
< 6.2
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ncurses
bookworm
6.4-4
fixed
bullseye
6.2+20201114-2+deb11u2
fixed
jessie
no-dsa
sid
6.5-2
fixed
stretch
no-dsa
trixie
6.5-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ncurses
bionic
Fixed 6.1-1ubuntu1.18.04.1
released
disco
ignored
eoan
ignored
focal
Fixed 6.1+20191019-1ubuntu1
released
groovy
Fixed 6.1+20191019-1ubuntu1
released
hirsute
Fixed 6.1+20191019-1ubuntu1
released
impish
Fixed 6.1+20191019-1ubuntu1
released
jammy
Fixed 6.1+20191019-1ubuntu1
released
kinetic
Fixed 6.1+20191019-1ubuntu1
released
lunar
Fixed 6.1+20191019-1ubuntu1
released
trusty
Fixed 5.9+20140118-1ubuntu1+esm2
released
xenial
Fixed 6.0+20160213-1ubuntu1+esm2
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
https://security.gentoo.org/glsa/202101-28
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
https://security.gentoo.org/glsa/202101-28