ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
References
Configurations
History
31 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 04:11
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
09 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Sep 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-04-14 01:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-29491
Mitre link : CVE-2023-29491
CVE.ORG link : CVE-2023-29491
JSON object : View
Products Affected
gnu
- ncurses
CWE
CWE-787
Out-of-bounds Write