CVE-2019-17595
First published: Mon Oct 14 2019(Updated: )
GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU ncurses | <6.2 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
- https://security.gentoo.org/glsa/202101-28
- https://exchange.xforce.ibmcloud.com/vulnerabilities/168972
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
Frequently Asked Questions
What is CVE-2019-17595?
CVE-2019-17595 is a vulnerability in GNU ncurses that could allow a remote attacker to obtain sensitive information.
How does CVE-2019-17595 work?
CVE-2019-17595 is caused by a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library.
What is the severity of CVE-2019-17595?
CVE-2019-17595 has a severity rating of 3.3 (low).
Which software is affected by CVE-2019-17595?
IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2019-17595.
How can I fix CVE-2019-17595?
To fix CVE-2019-17595, apply the relevant patches provided by IBM for your version of IBM QRadar SIEM: 7.5.0 GA (URL: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220215133427&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true), 7.4.3 GA - 7.4.3 FP4 (URL: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220307203834&includeRequisites=1&includeSupersedes=0&downloadMethod=http), or 7.3.3 GA - 7.3.3 FP10 (URL: https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220318161607&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR).
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/gnu
- canonical/gnu ncurses
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10