漏洞信息详情

ncurses 缓冲区错误漏洞

• CNNVD编号：CNNVD-201910-821
• 危害等级： 中危
  
• CVE编号： CVE-2019-17594
• 漏洞类型： 缓冲区错误
• 发布时间： 2019-10-14
• 威胁类型： 本地
• 更新时间： 2022-09-16
• 厂        商：
• 漏洞来源： Gentoo

漏洞简介

ncurses是一个字符终端处理库，它能够提供一系列函数以供用户调用并生成基于文本的用户界面。

ncurses 6.1-20191012之前版本中的terminfo库的tinfo/comp_hash.c文件的‘_nc_find_entry’函数存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

漏洞公告

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://lists.gnu.org/archive/HTML/bug-ncurses/2019-10/msg00045.HTML

参考网址

来源:MISC

链接:https://lists.gnu.org/archive/HTML/bug-ncurses/2019-10/msg00017.HTML

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.HTML

来源:MISC

链接:https://lists.gnu.org/archive/HTML/bug-ncurses/2019-10/msg00045.HTML

来源:SUSE

链接:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.HTML

来源:GENTOO

链接:https://security.gentoo.org/glsa/202101-28

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20193094-1.HTML

来源:www.suse.com

链接:https://www.suse.com/support/update/announcement/2019/suse-su-20192997-1.HTML

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021111136

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.0245

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.3977

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/167956/Red-Hat-Security-Advisory-2022-5840-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3905

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.1071

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4019

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164845/Red-Hat-Security-Advisory-2021-4426-03.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165862/Red-Hat-Security-Advisory-2022-0434-05.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165631/Red-Hat-Security-Advisory-2022-0202-04.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.0716

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/167488/Ubuntu-Security-Notice-USN-5477-1.HTML

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-17594

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/ncurses-out-of-bounds-memory-reading-via-nc-find-entry-30901

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165135/Red-Hat-Security-Advisory-2021-4914-06.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165129/Red-Hat-Security-Advisory-2021-4902-06.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/161126/Gentoo-Linux-Security-Advisory-202101-28.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165209/Red-Hat-Security-Advisory-2021-5038-04.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/168352/Red-Hat-Security-Advisory-2022-6429-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.3821

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/166489/Red-Hat-Security-Advisory-2022-1081-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/168042/Red-Hat-Security-Advisory-2022-5069-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165096/Red-Hat-Security-Advisory-2021-4845-05.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.0394

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.0493

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4513/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3935

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165286/Red-Hat-Security-Advisory-2021-5128-06.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3755

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2019.4377/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4229

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/168392/Red-Hat-Security-Advisory-2022-6526-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165002/Red-Hat-Security-Advisory-2021-4032-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165099/Red-Hat-Security-Advisory-2021-4848-07.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4059

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/166051/Red-Hat-Security-Advisory-2022-0580-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/166789/Red-Hat-Security-Advisory-2022-1396-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4254

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/165758/Red-Hat-Security-Advisory-2022-0318-06.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4095

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.4172

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.1837

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/166308/Red-Hat-Security-Advisory-2022-0842-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164967/Red-Hat-Security-Advisory-2021-4627-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.1677

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.4568

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2022.4601

受影响实体

暂无

补丁

• ncurses 缓冲区错误漏洞的修复措施