ALAS2-2022-1893 --- ncurses
ID: oval:org.secpod.oval:def:1701090 | Date: (C)2022-12-08 (M)2024-04-17 |
Class: PATCH | Family: unix |
The ncurses package is susceptible to a heap overflow on crafted input. When the terminfo entry-description compiler processes input, proper bounds checking was not enforced, leading to this software flaw. The highest threat from this vulnerability is to system availability. A segmentation fault vulnerability was found in the convert_strings function in the tinfo/read_entry.c file of ncurses. This flaw occurs due to corrupted terminfo data, triggering an out-of-bounds read error.