ROSA LABROSA-SA-2024-2364Advisory ROSA-SA-2024-2364
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
7 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
50.7%
Software: ncurses 6.1
OS: ROSA Virtualization 2.1
package_evr_string: ncurses-6.1-9.20180224.rv3
CVE-ID: CVE-2019-17594
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is a heap-based buffer enumeration in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses.
CVE-STATUS: Fixed
CVE-REV: Run yum update ncurses to close it
CVE-ID: CVE-2019-17595
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The fmt_entry function in tinfo/comp_hash.c of the terminfo library in ncurses has heap-based buffer enumeration.
CVE-STATUS: Fixed
CVE-REV: Run yum update ncurses to close it
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
7 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
50.7%