CVE-2023-29491
CVE Details
Visit the official vulnerability details page for CVE-2023-29491 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libtinfo6
NIST CVE Summary
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
CVE Severity
Our Official Summary
This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. The impact of this CVE is rated moderate for several reasons that make it difficult to exploit or limit its consequences: a) the only outcome is memory corruption, possibly leading to a crash; b) no privilege escalation is possible; c) it cannot be triggered remotely, as an attacker must have local access.
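A triage check for the conditions described above, added here as an example and not taken from the vendor or from ncurses: it compares the version banner printed by `tic -V` with the fix threshold in the NIST summary and lists which user-controlled terminfo locations are active. The function names are this example's own, and the banner format `ncurses MAJOR.MINOR.PATCHDATE` is assumed.

```shell
#!/bin/sh
# Added example (not vendor code): triage helper for CVE-2023-29491.
# Fix threshold from the NIST summary: ncurses 6.4, patch date 20230408.
FIXED_MAJOR=6; FIXED_MINOR=4; FIXED_PATCH=20230408

# ncurses_status BANNER
# BANNER is the line printed by `tic -V`, e.g. "ncurses 6.4.20221231".
# Prints "fixed", "affected" or "unknown" (banner not in that format).
ncurses_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^ncurses \([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\([0-9]\{8\}\)$/\1 \2 \3/p')
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    set -- $ver    # $1 = major, $2 = minor, $3 = patch date
    if   [ "$1" -gt "$FIXED_MAJOR" ]; then echo fixed
    elif [ "$1" -lt "$FIXED_MAJOR" ]; then echo affected
    elif [ "$2" -gt "$FIXED_MINOR" ]; then echo fixed
    elif [ "$2" -lt "$FIXED_MINOR" ]; then echo affected
    elif [ "$3" -ge "$FIXED_PATCH" ]; then echo fixed
    else echo affected
    fi
}

# user_terminfo_sources HOME_DIR TERMINFO_VALUE
# Prints, one per line, the user-controlled terminfo locations named in the
# advisory that are active for that home directory and TERMINFO value.
user_terminfo_sources() {
    [ -z "$2" ] || echo "TERMINFO=$2"
    [ ! -d "$1/.terminfo" ] || echo "$1/.terminfo"
}

# Report for the current host and user; informational only, always returns 0.
audit_host() {
    banner=""
    if command -v tic >/dev/null 2>&1; then
        banner=$(tic -V 2>/dev/null || true)
    fi
    echo "ncurses: $(ncurses_status "$banner") (${banner:-tic not found})"
    user_terminfo_sources "${HOME:-/nonexistent}" "${TERMINFO:-}"
}

audit_host
```

Distribution packages of libtinfo6 can carry the fix as a backported patch without changing the upstream patch date in the banner, so treat `affected` as a prompt to check the package changelog, not as a final verdict.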
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
12/12/2024 | Official summary added |