cve/2023/CVE-2023-29491.md

CVE-2023-29491

Description

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

POC

Reference

• http://www.openwall.com/lists/oss-security/2023/04/19/11

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/seal-community/patches
• https://github.com/yo-yo-yo-jbo/yo-yo-yo-jbo.github.io