OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb02e7e60eec3b4ceeb3459970eb11e5a65726d8
advisory-db/crates/ncurses/RUSTSEC-2019-0006.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

949 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2019-0006"
package = "ncurses"
aliases = ["CVE-2019-15547", "CVE-2019-15548", "GHSA-32v7-ghpr-c8hg", "GHSA-g7r5-x7cr-vm3v"]
date = "2019-06-15"
url = "https://github.com/RustSec/advisory-db/issues/106"

[affected.functions]
"ncurses::instr" = [">= 0"]
"ncurses::mvprintw" = [">= 0"]
"ncurses::mvwinstr" = [">= 0"]
"ncurses::mvwprintw" = [">= 0"]
"ncurses::printw" = [">= 0"]

[versions]
patched = []

Buffer overflow and format vulnerabilities in functions exposed without unsafe

ncurses exposes functions from the ncurses library which:

  • Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. (instr, mvwinstr, etc)
  • Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory (functions in the printw family).