Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-29491

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

Related bugs and status

CVE-2023-29491 (Candidate) is related to these bugs:

Bug #2038881: [Debian] High CVE: CVE-2023-29491 ncurses: trigger security-relevant memory corruption

Summary				In	Importance	Status
	2038881	[Debian] High CVE: CVE-2023-29491 ncurses: trigger security-relevant memory corruption		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://ncurses.scripts...
MISC: https://www.openwall.c...
MISC: https://www.openwall.c...
MLIST: [oss-security] 2023041...
MLIST: [oss-security] 2023041...
CONFIRM: https://security.netap...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2024-96090dafaf