Uncursing the ncurses

Explore a comprehensive analysis of memory corruption vulnerabilities discovered in ncurses, identified as CVE-2023-29491, in this 44-minute conference talk from the 44CON Information Security Conference. Delve into the potential impacts of these vulnerabilities, ranging from memory leaks and denial-of-service attacks to privilege escalation and arbitrary code execution. Learn about the history of ncurses, a widely-used library for developing text-based user interface programs, and understand its significance in various operating systems. Discover the process of selecting ncurses for scrutiny, the concept of terminal databases and terminfo format, and how a single environment variable can trigger these vulnerabilities. Gain insights from Emanuele Cozzi, a Security Researcher at Microsoft Defender, as he shares his expertise in Linux security, binary analysis, and malware research.

Emanuele Cozzi - Uncursing the ncurses