CVE-2020-19186

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
gnuncurses
6.1
netappactive_iq_unified_manager
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ncurses
bullseye
6.2+20201114-2+deb11u2
fixed
bookworm
6.4-4
fixed
sid
6.5-2
fixed
trixie
6.5-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ncurses
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11
http://seclists.org/fulldisclosure/2023/Dec/9
https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
https://security.netapp.com/advisory/ntap-20231006-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038
http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11
http://seclists.org/fulldisclosure/2023/Dec/9
https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
https://security.netapp.com/advisory/ntap-20231006-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038