CVE-2020-19189: Buffer Overflow
First published: Tue Aug 22 2023(Updated: )
Accessibility. A privacy issue was addressed with improved private data redaction for log entries.
Credit: CVE-2020-19185 CVE-2020-19186 CVE-2020-19187 CVE-2020-19188 CVE-2020-19189 CVE-2020-19190 cve@mitre.org Noah Roskin-Frazee Pr Ivan Fratric Google Project Zero Trend Micro Zero Day InitiativeMichael DePlante @izobashi Trend Micro Zero Day InitiativeMickey Jin @patch1t an anonymous researcher Marc Newlin SkySafeKoh M. Nakagawa @tsunek0h CVE-2023-38545 CVE-2023-38039 CVE-2023-38546 Yann GASCUEL Alter SolutionsAnthony Cruz Tyrant Corp @App Wojciech Regula SecuRingZhenjiang Zhao Pangu TeamQianxin Junsung Lee Meysam Firouzi @R00tkitSMM Pan ZhenPeng @Peterpan0927 STAR Labs SG PteEloi Benoist-Vanderbeken @elvanderb SynacktivCVE-2023-42893 CVE-2023-3618 Ron Masas BreakPointCsaba Fitzl @theevilbit OffSecCsaba Fitzl @theevilbit Offensive SecurityArsenii Kostromin (0x3c3e) Mattie Behrens Joshua Jewett @JoshJewett33 Zhongquan Li @Guluisacat Zhongquan Li @Guluisacat Dawn Security Lab of JingDongCVE-2023-5344 Pwn2car Zoom Offensive Security Team Nan Wang @eternalsakura13 360 Vulnerability Research Instituterushikesh nandedkar SungKwon Lee (Demon.Team) Kirin @Pwnrin Don Clarke
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/ncurses | <6.1+20191019-1 | 6.1+20191019-1 |
| ubuntu/ncurses | <6.1-1ubuntu1.18.04.1+ | 6.1-1ubuntu1.18.04.1+ |
| ubuntu/ncurses | <5.9+20140118-1ubuntu1+ | 5.9+20140118-1ubuntu1+ |
| ubuntu/ncurses | <6.0+20160213-1ubuntu1+ | 6.0+20160213-1ubuntu1+ |
| debian/ncurses | <=6.1+20181013-2+deb10u2 | 6.1+20181013-2+deb10u5 6.2+20201114-2+deb11u2 6.4-4 6.4+20240113-1 |
| Apple macOS Monterey | <12.7.2 | 12.7.2 |
| IBM Cognos Analytics | <=12.0.0-12.0.3 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |
| Apple macOS | <14.2 | 14.2 |
| Apple macOS | <13.6.3 | 13.6.3 |
| ncurses | =6.1 | |
| netapp active iq unified manager vsphere | ||
| Debian | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
- https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
- https://security.netapp.com/advisory/ntap-20231006-0005/
- https://support.apple.com/kb/HT214036
- https://support.apple.com/kb/HT214037
- https://support.apple.com/kb/HT214038
- http://seclists.org/fulldisclosure/2023/Dec/9
- http://seclists.org/fulldisclosure/2023/Dec/10
- http://seclists.org/fulldisclosure/2023/Dec/11
- https://launchpad.net/bugs/cve/CVE-2020-19189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19189
- https://ubuntu.com/security/notices/USN-6451-1
- https://nvd.nist.gov/vuln/detail/CVE-2020-19189
- https://security-tracker.debian.org/tracker/CVE-2020-19189
- https://ubuntu.com/security/CVE-2020-19189
- https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
- https://support.apple.com/en-us/HT214037 (Advisory)
- https://www.ibm.com/support/pages/node/7177223 (Advisory)
- https://support.apple.com/en-us/HT214036 (Advisory)
- https://support.apple.com/en-us/HT214038 (Advisory)
- https://support.apple.com/en-us/120879 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-42919
- CVE-2023-42894
- CVE-2023-42896
- CVE-2023-42886
- CVE-2023-42931
- CVE-2023-41989
- CVE-2023-42892
- CVE-2023-42922
- CVE-2023-42834
- CVE-2023-42899
- CVE-2023-42891
- CVE-2023-42974
- CVE-2023-42914
- CVE-2023-42893
- CVE-2023-3618
- CVE-2020-19185
- CVE-2020-19186
- CVE-2020-19187
- CVE-2020-19188
- CVE-2020-19189
- CVE-2020-19190
- CVE-2023-42838
- CVE-2023-42836
- CVE-2023-42936
- CVE-2023-42930
- CVE-2023-42932
- CVE-2023-42947
- CVE-2023-5344
- CVE-2023-42874
- CVE-2023-42937
- CVE-2023-42901
- CVE-2023-42902
- CVE-2023-42912
- CVE-2023-42903
- CVE-2023-42904
- CVE-2023-42905
- CVE-2023-42906
- CVE-2023-42907
- CVE-2023-42908
- CVE-2023-42909
- CVE-2023-42910
- CVE-2023-42911
- CVE-2023-42926
- CVE-2023-42882
- CVE-2023-42881
- CVE-2023-42924
- CVE-2023-42884
- CVE-2023-45866
- CVE-2023-42900
- CVE-2023-38545
- CVE-2023-38039
- CVE-2023-38546
- CVE-2023-42898
- CVE-2023-42888
- CVE-2023-42887
- CVE-2023-40390
- CVE-2023-42842
- CVE-2023-42913
- CVE-2023-40389
- CVE-2023-42890
- CVE-2023-42883
- CVE-2023-42950
- CVE-2023-42956
- CVE-2023-42952
Frequently Asked Questions
What is the vulnerability ID for this buffer overflow vulnerability?
The vulnerability ID for this buffer overflow vulnerability is CVE-2020-19189.
Where does the buffer overflow vulnerability occur?
The buffer overflow vulnerability occurs in the postprocess_terminfo function in tinfo/parse_entry.c at line 997.
What software is affected by this buffer overflow vulnerability?
The Gnu Ncurses software version 6.1 is affected by this buffer overflow vulnerability.
How can a remote attacker exploit this buffer overflow vulnerability?
A remote attacker can exploit this buffer overflow vulnerability by sending crafted commands.
What is the severity of this buffer overflow vulnerability?
The severity of this buffer overflow vulnerability is medium, with a severity value of 6.5.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/apple-support
- source/Apple
- alias/CVE-2020-19186
- alias/CVE-2020-19187
- alias/CVE-2020-19188
- alias/CVE-2020-19189
- alias/CVE-2020-19190
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/last-modified-date
- agent/trending
- agent/source
- agent/software-canonical-lookup-request
- agent/softwarecombine
- alias/CVE-2023-42901
- alias/CVE-2023-42902
- alias/CVE-2023-42912
- alias/CVE-2023-42903
- alias/CVE-2023-42904
- alias/CVE-2023-42905
- alias/CVE-2023-42906
- alias/CVE-2023-42907
- alias/CVE-2023-42908
- alias/CVE-2023-42909
- alias/CVE-2023-42910
- alias/CVE-2023-42911
- alias/CVE-2023-42926
- alias/CVE-2023-42882
- alias/CVE-2023-42881
- alias/CVE-2023-42924
- alias/CVE-2023-42896
- alias/CVE-2023-42884
- alias/CVE-2023-45866
- alias/CVE-2023-42900
- alias/CVE-2023-42886
- alias/CVE-2023-38545
- alias/CVE-2023-38039
- alias/CVE-2023-38546
- alias/CVE-2023-42931
- alias/CVE-2023-42892
- alias/CVE-2023-42922
- alias/CVE-2023-42898
- alias/CVE-2023-42899
- alias/CVE-2023-42888
- alias/CVE-2023-42891
- alias/CVE-2023-42974
- alias/CVE-2023-42914
- alias/CVE-2023-42893
- alias/CVE-2023-3618
- alias/CVE-2020-19185
- alias/CVE-2023-42887
- alias/CVE-2023-42936
- alias/CVE-2023-40390
- alias/CVE-2023-42842
- alias/CVE-2023-42930
- alias/CVE-2023-42913
- alias/CVE-2023-42932
- alias/CVE-2023-42947
- alias/CVE-2023-40389
- alias/CVE-2023-5344
- alias/CVE-2023-42890
- alias/CVE-2023-42883
- alias/CVE-2023-42950
- alias/CVE-2023-42956
- alias/CVE-2023-42919
- alias/CVE-2023-42894
- alias/CVE-2023-42937
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/apple
- canonical/apple macos monterey
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.3
- version/ibm cognos analytics/11.2.0-11.2.4 fp4
- canonical/apple macos
- vendor/gnu
- canonical/ncurses
- version/ncurses/6.1
- vendor/netapp
- canonical/netapp active iq unified manager vsphere
- vendor/debian
- canonical/debian
- version/debian/10.0