CVE-2023-45918
Published: 16 February 2024
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.
Notes
Author | Note |
---|---|
Priority reason: no security impact as terminfo files are trusted |
|
mdeslaur | This is in the code that parses terminfo database files. terminfo files are normally trusted, and since the fix for CVE-2023-29491, we no longer parse terminfo files when apps are setuid. As such, this doesn't really have a security impact. Setting priority to low. fixed in 20230615 |