[Debian] High CVE: CVE-2023-29491 ncurses: trigger security-relevant memory corruption

Bug #2038881 reported by Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
StarlingX | Triaged | High | Unassigned |

Bug Description

CVE-2023-29491: https://nvd.nist.gov/vuln/detail/CVE-2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Base Score: High

Reference:

libncursesw5-dev_6.2+20201114-2+deb11u1_amd64.deb ===> libncursesw5-dev_6.2+20201114-2+deb11u2_amd64.deb
libncurses5-dev_6.2+20201114-2+deb11u1_amd64.deb ===> libncurses5-dev_6.2+20201114-2+deb11u2_amd64.deb
libncurses-dev_6.2+20201114-2+deb11u1_amd64.deb ===> libncurses-dev_6.2+20201114-2+deb11u2_amd64.deb
libncurses6_6.2+20201114-2+deb11u1_amd64.deb ===> libncurses6_6.2+20201114-2+deb11u2_amd64.deb
libncursesw6_6.2+20201114-2+deb11u1_amd64.deb ===> libncursesw6_6.2+20201114-2+deb11u2_amd64.deb
libtinfo6_6.2+20201114-2+deb11u1_amd64.deb ===> libtinfo6_6.2+20201114-2+deb11u2_amd64.deb
ncurses-base_6.2+20201114-2+deb11u1_all.deb ===> ncurses-base_6.2+20201114-2+deb11u2_all.deb
ncurses-bin_6.2+20201114-2+deb11u1_amd64.deb ===> ncurses-bin_6.2+20201114-2+deb11u2_amd64.deb

This report contains Public Security information  
Everyone can see this security related information.
