CVE-2020-19189

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
gnuncurses
6.1
netappactive_iq_unified_manager
-
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ncurses
bullseye
6.2+20201114-2+deb11u2
fixed
bookworm
6.4-4
fixed
sid
6.5-2
fixed
trixie
6.5-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ncurses
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
Fixed 6.1-1ubuntu1.18.04.1+esm1
released
xenial
Fixed 6.0+20160213-1ubuntu1+esm4
released
trusty
Fixed 5.9+20140118-1ubuntu1+esm4
released
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11
http://seclists.org/fulldisclosure/2023/Dec/9
https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
https://security.netapp.com/advisory/ntap-20231006-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038
http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11
http://seclists.org/fulldisclosure/2023/Dec/9
https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
https://security.netapp.com/advisory/ntap-20231006-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038