cursive icon indicating copy to clipboard operation
cursive copied to clipboard

Published 20 hours ago verified publisher icon gyscos

[BUG] ncurses vulnerability - CVE-2019-15548

Open Terkwood opened this issue 2 years ago • 1 comments

Describe the bug ncurses is subject to the vulnerability listed in https://nvd.nist.gov/vuln/detail/CVE-2019-15548

Environment

  • Cursive commit https://github.com/gyscos/cursive/commit/0c6669d6732c3cffeda983958bd9a0fe05ac3b44 (at least)

Terkwood avatar Jun 19 '22 14:06 Terkwood

Thanks for the report!

I don't think we use the affected functions, but it doesn't hurt to update to the latest version of fixed.

gyscos avatar Jun 19 '22 14:06 gyscos

More information can be found here: https://rustsec.org/advisories/RUSTSEC-2019-0006

Affected functions:

  • ncurses::instr
  • ncurses::mvprintw
  • ncurses::mvwinstr
  • ncurses::mvwprintw
  • ncurses::printw

I don't think we use the affected functions

Yeah, I couldn't find any usage of an affected function either.

but it doesn't hurt to update to the latest version of fixed

So far there's no fix available: https://github.com/jeaye/ncurses-rs/issues/209

dbrgn avatar Sep 27 '22 09:09 dbrgn

Will close this for now. Thank you

Terkwood avatar Sep 27 '22 11:09 Terkwood