Vulnerability Details : CVE-2023-29491
Potential exploit
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Vulnerability category: Memory Corruption
Products affected by CVE-2023-29491
- cpe:2.3:a:gnu:ncurses:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-29491
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-29491
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | N/A | N/A | Oracle:CPUOct2023 | |
CWE ids for CVE-2023-29491
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-29491
- http://www.openwall.com/lists/oss-security/2023/04/19/10
  oss-security - Re: ncurses fixes upstream (Mailing List; Patch; Third Party Advisory)
- https://support.apple.com/kb/HT213845
  About the security content of macOS Big Sur 11.7.9 - Apple Support
- https://support.apple.com/kb/HT213844
  About the security content of macOS Monterey 12.6.8 - Apple Support
- https://www.openwall.com/lists/oss-security/2023/04/13/4
  oss-security - Re: ncurses fixes upstream (Mailing List; Patch)
- https://security.netapp.com/advisory/ntap-20230517-0009/
  CVE-2023-29491 GNU Ncurses Vulnerability in NetApp Products | NetApp Product Security
- https://support.apple.com/kb/HT213843
  About the security content of macOS Ventura 13.5 - Apple Support
- http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
  ncurses.scripts.mit.edu Git - ncurses.git/commit (Mailing List; Patch)
- https://www.openwall.com/lists/oss-security/2023/04/12/5
  oss-security - ncurses fixes upstream (Mailing List)
- http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
  ncurses.scripts.mit.edu Git
- http://www.openwall.com/lists/oss-security/2023/04/19/11
  oss-security - RE: [EXTERNAL] Re: ncurses fixes upstream (Exploit; Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/
  [SECURITY] Fedora 38 Update: ncurses-6.4-7.20230520.fc38 - package-announce - Fedora Mailing-Lists
- https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html
  [SECURITY] [DLA 3682-1] ncurses security update