-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
RustRust| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ncurses | rust | <= 6.0.1 |
Miggo AIRoot Cause AnalysisThe vulnerability lies in a common pattern across multiple string-reading functions in the ncurses-rs library. These functions allocate a buffer (either a Vec<chtype> or a String) and pass it to an underlying C function from the ncurses library to be filled with data read from the screen. The core of the vulnerability is in the logic that determines the length of the data read. In cases where the underlying C function does not find a null terminator in the input, these wrapper functions incorrectly assume that the entire buffer capacity has been filled with valid data. They do this by calling s.set_len(capacity). This action makes uninitialized memory, which may contain sensitive data from previous operations, accessible as if it were valid string or vector content. The analysis of the src/lib.rs file reveals 11 functions that explicitly follow this flawed pattern. An additional function, wgetnstr, has a similar issue where it sets the buffer length to its capacity before the read, and then iterates over it, potentially reading uninitialized memory. Several other functions are wrappers that directly call these vulnerable functions, thus propagating the vulnerability. Since the ncurses-rs repository is archived and unmaintained, no patch is available.
inchnstrsrc/lib.rs
inchstrsrc/lib.rs
innstrsrc/lib.rs
mvwinchnstrsrc/lib.rs
mvwinchstrsrc/lib.rs
mvwinnstrsrc/lib.rs
mvwinstrsrc/lib.rs
winchnstrsrc/lib.rs
winchstrsrc/lib.rs
winnstrsrc/lib.rs
winstrsrc/lib.rs
wgetnstrsrc/lib.rs
Ongoing coverage of React2Shell