CVE-2020-19189: Buffer Overflow
First published: Tue Aug 22 2023(Updated: )
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
Credit: CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/ncurses | <6.1+20191019-1 | 6.1+20191019-1 |
| ubuntu/ncurses | <6.1-1ubuntu1.18.04.1+ | 6.1-1ubuntu1.18.04.1+ |
| ubuntu/ncurses | <5.9+20140118-1ubuntu1+ | 5.9+20140118-1ubuntu1+ |
| ubuntu/ncurses | <6.0+20160213-1ubuntu1+ | 6.0+20160213-1ubuntu1+ |
| debian/ncurses | <=6.1+20181013-2+deb10u2 | 6.1+20181013-2+deb10u5 6.2+20201114-2+deb11u2 6.4-4 6.4+20240113-1 |
| GNU ncurses | =6.1 | |
| Netapp Active Iq Unified Manager Vsphere | ||
| Debian Debian Linux | =10.0 | |
| Apple macOS Sonoma | <14.2 | 14.2 |
| Apple macOS Ventura | <13.6.3 | 13.6.3 |
| Apple macOS Monterey | <12.7.2 | 12.7.2 |
| IBM Cognos Analytics | <=12.0.0-12.0.3 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
- https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
- https://security.netapp.com/advisory/ntap-20231006-0005/
- https://support.apple.com/kb/HT214036
- https://support.apple.com/kb/HT214037
- https://support.apple.com/kb/HT214038
- http://seclists.org/fulldisclosure/2023/Dec/9
- http://seclists.org/fulldisclosure/2023/Dec/10
- http://seclists.org/fulldisclosure/2023/Dec/11
- https://launchpad.net/bugs/cve/CVE-2020-19189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19189
- https://ubuntu.com/security/notices/USN-6451-1
- https://nvd.nist.gov/vuln/detail/CVE-2020-19189
- https://security-tracker.debian.org/tracker/CVE-2020-19189
- https://ubuntu.com/security/CVE-2020-19189
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
- https://support.apple.com/en-us/HT214036 (Advisory)
- https://support.apple.com/en-us/HT214038 (Advisory)
- https://support.apple.com/en-us/HT214037 (Advisory)
- https://www.ibm.com/support/pages/node/7177223 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-42874
- CVE-2023-42937
- CVE-2023-42919
- CVE-2023-42894
- CVE-2023-42901
- CVE-2023-42902
- CVE-2023-42912
- CVE-2023-42903
- CVE-2023-42904
- CVE-2023-42905
- CVE-2023-42906
- CVE-2023-42907
- CVE-2023-42908
- CVE-2023-42909
- CVE-2023-42910
- CVE-2023-42911
- CVE-2023-42926
- CVE-2023-42882
- CVE-2023-42881
- CVE-2023-42924
- CVE-2023-42896
- CVE-2023-42884
- CVE-2023-45866
- CVE-2023-42900
- CVE-2023-42886
- CVE-2023-38545
- CVE-2023-38039
- CVE-2023-38546
- CVE-2023-42931
- CVE-2023-42892
- CVE-2023-42922
- CVE-2023-42898
- CVE-2023-42899
- CVE-2023-42888
- CVE-2023-42891
- CVE-2023-42974
- CVE-2023-42914
- CVE-2023-42893
- CVE-2023-3618
- CVE-2020-19185
- CVE-2020-19186
- CVE-2020-19187
- CVE-2020-19188
- CVE-2020-19189
- CVE-2020-19190
- CVE-2023-42887
- CVE-2023-42936
- CVE-2023-40390
- CVE-2023-42842
- CVE-2023-42930
- CVE-2023-42913
- CVE-2023-42932
- CVE-2023-42947
- CVE-2023-40389
- CVE-2023-5344
- CVE-2023-42890
- CVE-2023-42883
- CVE-2023-42950
- CVE-2023-42956
- CVE-2023-42952
- CVE-2023-41989
- CVE-2023-42834
- CVE-2023-42838
- CVE-2023-42836
Frequently Asked Questions
What is the vulnerability ID for this buffer overflow vulnerability?
The vulnerability ID for this buffer overflow vulnerability is CVE-2020-19189.
Where does the buffer overflow vulnerability occur?
The buffer overflow vulnerability occurs in the postprocess_terminfo function in tinfo/parse_entry.c at line 997.
What software is affected by this buffer overflow vulnerability?
The Gnu Ncurses software version 6.1 is affected by this buffer overflow vulnerability.
How can a remote attacker exploit this buffer overflow vulnerability?
A remote attacker can exploit this buffer overflow vulnerability by sending crafted commands.
What is the severity of this buffer overflow vulnerability?
The severity of this buffer overflow vulnerability is medium, with a severity value of 6.5.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/apple-support
- source/Apple
- alias/CVE-2020-19186
- alias/CVE-2020-19187
- alias/CVE-2020-19188
- alias/CVE-2020-19189
- alias/CVE-2020-19190
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/trending
- package-manager/ubuntu
- package-manager/debian
- vendor/gnu
- canonical/gnu ncurses
- version/gnu ncurses/6.1
- vendor/netapp
- canonical/netapp active iq unified manager vsphere
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/apple
- canonical/apple macos sonoma
- canonical/apple macos ventura
- canonical/apple macos monterey
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.3
- version/ibm cognos analytics/11.2.0-11.2.4 fp4