ALAS2023-2023-023 --- ncursesID: oval:org.secpod.oval:def:19500153 | Date: (C)2023-06-12 (M)2024-04-17 |
Class: PATCH | Family: unix |
The ncurses package is susceptible to a heap overflow on crafted input. When the terminfo entry-description compiler processes input, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability. A segmentation fault vulnerability was found in ncurses's convert_strings function of tinfo/read_entry.c file. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error
Platform: |
Amazon Linux 2023 |