ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
History

Thu, 28 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-14T00:00:00

Updated: 2024-11-27T14:45:38.232Z

Reserved: 2023-04-07T00:00:00

Link: CVE-2023-29491

cve-icon Vulnrichment

Updated: 2024-08-02T14:07:46.218Z

cve-icon NVD

Status : Modified

Published: 2023-04-14T01:15:08.570

Modified: 2024-11-21T07:57:09.933

Link: CVE-2023-29491

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-04-12T00:00:00Z

Links: CVE-2023-29491 - Bugzilla