Bug 2254244 (CVE-2023-50495)

Summary: CVE-2023-50495 ncurses: segmentation fault via _nc_wrap_entry()
Product: [Other] Security Response
Component: vulnerability
Reporter: Patrick Del Bello <pdelbell>
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: bdettelb, caswilli, dfreiber, drow, fjansen, hkataria, jburrell, jmitchel, jorton, jsherril, jtanner, kaycoth, kshier, vkumar
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: ncurses-6.4
Doc Text: A vulnerability was found in the NCurses package, where a segmentation fault may be triggered through _nc_wrap_entry().
Bug Depends On: 2254245    
Bug Blocks: 2254238    

Description Patrick Del Bello 2023-12-12 20:21:37 UTC
NCurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html
https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html

Comment 1 Patrick Del Bello 2023-12-12 20:21:59 UTC
Created ncurses tracking bugs for this issue:

Affects: fedora-all [bug 2254245]

Comment 3 Joe Orton 2023-12-13 13:00:22 UTC
This looks like it can only be triggered via "tic", which is used to process terminfo from source to compiled form, and the input is trusted. The practical impact is very limited - it is similar to gcc crashing - why has this been assigned a CVE name at all?