Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2024-2412

Related Vulnerabilities: CVE-2019-17594   CVE-2019-17595   CVE-2020-19185   CVE-2020-19186   CVE-2020-19187   CVE-2020-19188   CVE-2020-19189   CVE-2020-19190  

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594) There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595) Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19185) Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19186) Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19187) Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19188) Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19189) Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19190)

Source

ALAS-2024-2412

Amazon Linux 2 Security Advisory: ALAS-2024-2412
Advisory Release Date: 2024-01-03 22:21 Pacific
Advisory Updated Date: 2024-01-09 18:00 Pacific
Severity: Medium
Issue Overview:

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594)

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595)

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19185)

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19186)

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19187)

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19188)

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19189)

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19190)


Affected Packages:

ncurses


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
"Run yum update ncurses to update your system.
"

New Packages:
aarch64:
    ncurses-6.0-8.20170212.amzn2.1.6.aarch64
    ncurses-libs-6.0-8.20170212.amzn2.1.6.aarch64
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.6.aarch64
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.6.aarch64
    ncurses-devel-6.0-8.20170212.amzn2.1.6.aarch64
    ncurses-static-6.0-8.20170212.amzn2.1.6.aarch64
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.6.aarch64

i686:
    ncurses-6.0-8.20170212.amzn2.1.6.i686
    ncurses-libs-6.0-8.20170212.amzn2.1.6.i686
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.6.i686
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.6.i686
    ncurses-devel-6.0-8.20170212.amzn2.1.6.i686
    ncurses-static-6.0-8.20170212.amzn2.1.6.i686
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.6.i686

noarch:
    ncurses-base-6.0-8.20170212.amzn2.1.6.noarch
    ncurses-term-6.0-8.20170212.amzn2.1.6.noarch

src:
    ncurses-6.0-8.20170212.amzn2.1.6.src

x86_64:
    ncurses-6.0-8.20170212.amzn2.1.6.x86_64
    ncurses-libs-6.0-8.20170212.amzn2.1.6.x86_64
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.6.x86_64
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.6.x86_64
    ncurses-devel-6.0-8.20170212.amzn2.1.6.x86_64
    ncurses-static-6.0-8.20170212.amzn2.1.6.x86_64
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.6.x86_64

Additional References

Red Hat: CVE-2019-17594, CVE-2019-17595, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190

Mitre: CVE-2019-17594, CVE-2019-17595, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started