cve/2019/CVE-2019-17594.md

CVE-2019-17594

Description

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

POC

Reference

• https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
• https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html

Github

• https://github.com/Shubhamthakur1997/CICD-Demo
• https://github.com/dcambronero/CloudGuard-ShiftLeft-CICD-AWS
• https://github.com/jaydenaung/CloudGuard-ShiftLeft-CICD-AWS
• https://github.com/nedenwalker/spring-boot-app-using-gradle
• https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln