CVE-2020-19187

NameCVE-2020-19187
DescriptionBuffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ncurses (PTS)bullseye6.2+20201114-2+deb11u2fixed
bookworm6.4-4fixed
sid, trixie6.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ncursessourcebuster6.1+20181013-2+deb10u2
ncursessource(unstable)6.1+20191019-1

Notes

https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc3.md
Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
CVE-2020-19187 seems to be a duplicate of CVE-2019-17595 but keep distinct for now

Search for package or bug name: Reporting problems