-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability is a segmentation fault in _nc_wrap_entry as stated in the CVE description and confirmed by the GDB backtrace in the bug report. This function is therefore directly involved in the manifestation of the vulnerability. The patch announcement indicates that the fix involved adding a check for the return value of _nc_save_str in the file ncurses/tinfo/parse_entry.c. The GDB backtrace shows _nc_parse_entry calling (possibly indirectly) _nc_wrap_entry, and _nc_parse_entry is a key function within parse_entry.c. Therefore, _nc_parse_entry (or a closely related function within parse_entry.c) contained the original logical flaw (missing error check) that led to the conditions causing _nc_wrap_entry to crash. Both functions would appear in a runtime profile during exploitation: _nc_parse_entry as part of the flawed logic path, and _nc_wrap_entry as the function where the crash occurs.
Ongoing coverage of React2Shell