OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 06:29:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/pancurses/RUSTSEC-2019-0005.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

623 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2019-0005"
package = "pancurses"
aliases = ["CVE-2019-15546", "GHSA-m57c-4vvx-gjgq"]
cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
date = "2019-06-15"
url = "https://github.com/RustSec/advisory-db/issues/106"

[affected.functions]
"pancurses::mvprintw" = [">= 0"]
"pancurses::printw" = [">= 0"]

[versions]
patched = []

Format string vulnerabilities in pancurses

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory.