mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-23 15:38:27 +01:00
27 lines
919 B
TOML
27 lines
919 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0006"
|
|
package = "ncurses"
|
|
date = "2019-06-15"
|
|
title = "Buffer overflow and format vulnerabilities in functions exposed without unsafe"
|
|
url = "https://github.com/RustSec/advisory-db/issues/106"
|
|
description = """
|
|
`ncurses` exposes functions from the ncurses library which:
|
|
|
|
- Pass buffers without length to C functions that may write an arbitrary amount of
|
|
data, leading to a buffer overflow. (`instr`, `mvwinstr`, etc)
|
|
- Passes rust &str to strings expecting C format arguments, allowing hostile
|
|
input to execute a format string attack, which trivially allows writing
|
|
arbitrary data to stack memory (functions in the `printw` family).
|
|
"""
|
|
aliases = ["CVE-2019-15547", "CVE-2019-15548"]
|
|
|
|
[affected.functions]
|
|
"ncurses::instr" = [">= 0"]
|
|
"ncurses::mvwinstr" = [">= 0"]
|
|
"ncurses::printw" = [">= 0"]
|
|
"ncurses::mvprintw" = [">= 0"]
|
|
"ncurses::mvwprintw" = [">= 0"]
|
|
|
|
[versions]
|
|
patched = []
|