all InfoSec news
Uncursing the ncurses: Memory corruption vulnerabilities found in library
Malware Analysis, News and Indicators - Latest topics malware.news
Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD. Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions.
One of the most common vulnerabilities …
apis called corruption environment environment variable found freebsd interface library linux macos memory memory corruption microsoft operating system operating systems portable posix support system systems text variable vulnerabilities