A set of memory corruption flaws have been discovered in the ncurses programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems.
The vulnerabilities, collectively tracked as CVE-2023-29491 (CVSS score of 7.8), have been addressed as of April 2023. Microsoft said it also worked with Apple on remediating the macOS-specific issues related to these flaws.
Microsoft’s code auditing and fuzzing found that the ncurses library searches for several environment variables, including TERMINFO, which could be poisoned and combined with the identified flaws to achieve privilege escalation. Terminfo is a database that enables programs to use display terminals in a device-independent manner.
The flaws encompass a stack information leak, a parameterized string type confusion, an off-by-one error, a heap out-of-bounds during term info database file parsing, and a denial-of-service with canceled strings.
“The vulnerabilities may have needed to be chained together for an attacker to elevate privileges, such as exploiting the stack information leak to gain arbitrary read primitives along with exploiting the heap overflow to obtain a write primitive.”
Source: https://thehackernews.com/
