GHSA-g7r5-x7cr-vm3v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g7r5-x7cr-vm3v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-g7r5-x7cr-vm3v/GHSA-g7r5-x7cr-vm3v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g7r5-x7cr-vm3v
- Aliases
-
- CVE-2019-15547
- CVE-2019-15548
- GHSA-32v7-ghpr-c8hg
- RUSTSEC-2019-0006
- Published
- 2021-08-25T20:58:29Z
- Modified
- 2023-11-08T04:01:13.981343Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Buffer overflow and format vulnerabilities in ncurses
- Details
-
ncurses exposes functions from the ncurses library which: * Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. (instr, mvwinstr, etc) * Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory (functions in the printw family).
- Database specific
{ "cwe_ids": [ "CWE-119" ], "nvd_published_at": null, "github_reviewed": true, "severity": "CRITICAL", "github_reviewed_at": "2021-08-18T17:45:15Z" }- References
Affected packages
crates.io / ncurses
Package
- Name
- ncurses
- View open source insights on deps.dev
- Purl
- pkg:cargo/ncurses