CVE-2020-19189

moderate-risk
Published 2023-08-22

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Do I need to act?

~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Debian Gnu Netapp

References (18)

http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11
http://seclists.org/fulldisclosure/2023/Dec/9
Exploit https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
Mailing List https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20231006-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038
http://seclists.org/fulldisclosure/2023/Dec/10
http://seclists.org/fulldisclosure/2023/Dec/11
http://seclists.org/fulldisclosure/2023/Dec/9
Exploit https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
Mailing List https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20231006-0005/
https://support.apple.com/kb/HT214036
https://support.apple.com/kb/HT214037
https://support.apple.com/kb/HT214038
38
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 5/34 · Minimal
Exposure 9/34 · Low